How is the LDAP search query for SM_USERGROUPS formed?

Document ID : KB000045283
Last Modified Date : 14/02/2018

Question:

How is the LDAP search query for SM_USERGROUPS formed?

Environment:

Policy Server : r12.5 and above

User Store : LDAP ANY

Answer:

The following two registry entries define the LDAP query for SM_USERGROUPS:

  • HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Ds\GroupClassFilters
  • HKEY_LOCAL_MACHINE\software\wow6432node\netegrity\SiteMinder\CurrentVersion\Ds\LdapMatchUserDN

The query has the following format:

(|

(&(objectclass=<GroupClassFilter1_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter1>=<USERDN>))

(&(objectclass=<GroupClassFilter2_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter2>=<USERDN>))

(&(objectclass=<GroupClassFilter3_From_GroupClassFilters>)(<Attribute_Name_From_LdapMatchUserDN_Corresponding_To_GroupClassFilter3>=<USERDN>))

... and so on

)

For example:

(|

(&(objectclass=groupOfNames)(member=uid=user1,ou=Users,dc=ca,dc=com))

(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=user1,ou=Users,dc=ca,dc=com))

(&(objectclass=group)(member=uid=user1,ou=Users,dc=ca,dc=com))

)
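The following added example (not CA's code or part of the original article) rebuilds the filter above, which is useful for reproducing the SM_USERGROUPS search by hand against the user store. It assumes the two registry entries have already been read into parallel lists, and it applies RFC 4515 escaping to the user DN, so a DN containing parentheses, "*" or "\" cannot change the structure of the filter; the function and variable names are hypothetical.

```python
import re

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Short descriptor form for attribute and object class names (RFC 4512).
_DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_usergroups_filter(group_classes, match_attrs, user_dn):
    """OR together one (&(objectclass=X)(attr=USERDN)) clause per pair.

    Assumption: the i-th object class pairs with the i-th attribute,
    as the placeholders in the article's template suggest.
    """
    if not group_classes or len(group_classes) != len(match_attrs):
        raise ValueError("object classes and attributes must pair one-to-one")
    dn = escape_value(user_dn)
    clauses = []
    for oc, attr in zip(group_classes, match_attrs):
        # Reject configured names that are not plain descriptors.
        if not (_DESCR.fullmatch(oc) and _DESCR.fullmatch(attr)):
            raise ValueError(f"not a valid LDAP descriptor: {oc!r} / {attr!r}")
        clauses.append(f"(&(objectclass={oc})({attr}={dn}))")
    return "(|" + "".join(clauses) + ")"


# Constructed inputs mirroring the article's example.
GROUP_CLASS_FILTERS = ["groupOfNames", "groupOfUniqueNames", "group"]
LDAP_MATCH_USER_DN = ["member", "uniqueMember", "member"]

if __name__ == "__main__":
    print(build_usergroups_filter(GROUP_CLASS_FILTERS, LDAP_MATCH_USER_DN,
                                  "uid=user1,ou=Users,dc=ca,dc=com"))
    # Constructed DN with characters that are special inside a filter.
    print(build_usergroups_filter(["group"], ["member"],
                                  "cn=Doe (ops),ou=Users,dc=ca,dc=com"))
```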

 

 

Additional Information:

N/A