Preventing The TSS LIST(ACIDS) DATA(ALL) Command

Document ID : KB000050192
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Is there a way to limit/prevent issuing a TSS LIST(ACIDS) DATA(ALL) via CA LDAP?

Solution:

Per the CA LDAP Product Guide:

     disable_list_acids   

When an LDAP search operation is received and a TSS LIST(ACIDS) command would be required to fulfill it, this option will disable the execution of that search. The option is intended to ensure that run away searches aren't issued to CA Top Secret.

Default: off (do not stop TSS LIST(ACIDS))

To enable the option, add the following:

     disable_list_acids