Pre-requisites for enhanced Active Directory integration

Document ID : KB000054428
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In order to have a better integration between SiteMinder and Active Directory as a user store you may want to activate Enhanced Active Directory Integration. You will then have active directory attributes synchronized with SiteMinder attributes for password and user management:

  • accountExpires

  • userAccountControl

  • pwdLastSet

  • unicodePwd

  • lastLogon

  • lastLogonTimestamp

  • badPasswordTime

  • badPwdCount

  • lockoutTime

  • lockoutDuration

  • pwdMaxAge

Solution:

To make it work you need to:

  • Use LDAP NameSpace for the user directory definition

  • Set up Secure connection between AD and the policy server

  • Set up User Attributes of the directory definition (they will be synchronized with AD attributes)

  • Enable the Enhanced Active Directory Integration in the global settings of the policy server user interface