What are the AD native attributes managed by the SiteMinder policy server?

Document ID : KB000050153
Last Modified Date : 14/02/2018

Description:

When you integrate SiteMinder with Active Directory as a user store, you may want to know which attributes the Policy Server manages in non-enhanced mode and in AD enhanced mode.

Solution:

The Policy Server (PS) reads the following LDAP attributes in both non-enhanced and AD enhanced mode:

  • userAccountControl
  • pwdLastSet
  • sAMAccountName
  • SM password data (blob)

The PS reads the following additional LDAP attributes in AD enhanced mode only:

  • accountExpires
  • maxPwdAge
  • lockoutTime
  • lockoutDuration

The PS writes the following attributes in both non-enhanced and AD enhanced mode:

  • userAccountControl
  • SM password data (blob)
  • pwdLastSet

The PS writes the following attributes in AD enhanced mode only:

  • unicodePwd
  • lockoutTime

Note: A login failure will trigger AD to modify the following user attributes. These attributes are not currently used by SM:

  • logonCount
  • badPasswordTime