How to configure the Policy Server Registry Key EnableSearchFilterCheck ?

Document ID : KB000047018
Last Modified Date : 14/02/2018
Show Technical Document Details

Question :

How the Policy Server EnableSearchFilterCheck Registry Key works?

Environment :

Policy Server R12.52 SP1 CR01 on RedHat 6;

Answer :

The Policy Server EnableSearchFilterCheck Registry Key should be configured as follows :

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\Siteminder\Ds\LDAPProvider\EnableSearchFilterCheck

Key: EnableSearchFilterCheck
Type: REG_DWORD
BASE: Decimal

where the values can be :

EnableSearchFilterCheck = 0
No Filter check for Search calls

EnableSearchFilterCheck = 1
Impose check on Filter to comply with RFC

EnableSearchFilterCheck > 1
Impose check on Filter to comply with RFC and block the search call if it does not comply with RFC.

This Key may be helpful to solve syntax error in LDAP Search filter such as :
Wrong syntax of LDAP search filter:
(CN=\28|\28cn=myname\29\28mail=myname@ca.com\29\29)