We have a few websites we would like to use AD to authenticate the users with. We have found that we can add an AD OU to the SiteMinder policy, but when we try to add the Domain Users group we cannot log on to the site. We have many OUs and don't want to have to add them all to the policy and then have to maintain the list of OUs. Any other suggestions?
What messages do you see in the SiteMinder profiler log? Is there an indication on why authorization is being denied? Are you really trying to only authorize a subset of the users in the AD? If not, you can just use "all" (without quotes) in the policy. Just type it and add it to the policy list of users manually. Also, you can authorize based upon LDAP queries as well. So, if all the users were in a group called group1, then for AD you could add this to the policy:
(memberof=group1)
Another thing to keep in mind is that if you have dc=company, dc=com at the root and you want all users, you don't need to add each ou. Just add the root and all users below that root will be authorized.
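To try the two approaches from the answer above (a subtree root versus an LDAP filter in the policy's user list) before touching a live policy, here is a small added evaluator. It is example code, not part of the original thread and not SiteMinder's own logic; the user entries are constructed, and the "root plus optional filter" evaluation is an assumed model of what the policy does. One detail worth checking in advance: in Active Directory the memberOf attribute holds the group's full distinguished name, so a filter needs that DN rather than a bare group name, and the example shows both forms.

```python
"""Toy evaluator for SiteMinder-style policy user bindings against AD.

Added example (not from the original thread, not SiteMinder code). It models
a policy user binding as a search root (entries under dc=company,dc=com) plus
an optional LDAP filter, and evaluates the RFC 4515 subset &, |, !, attr=value
and attr=* case-insensitively, which is how AD matches DNs and memberOf.
Escaped characters (\\28, \\29, ...) in filter values are not handled.
"""

# Constructed directory entries, not from any real domain. memberOf holds the
# group's full DN, as Active Directory stores it.
USERS = [
    {"dn": "CN=Alice,OU=Sales,DC=company,DC=com", "sAMAccountName": "alice",
     "memberOf": ["CN=group1,OU=Groups,DC=company,DC=com"]},
    {"dn": "CN=Bob,OU=Eng,OU=Staff,DC=company,DC=com", "sAMAccountName": "bob",
     "memberOf": ["CN=Domain Users,CN=Users,DC=company,DC=com"]},
    {"dn": "CN=Carol,OU=Users,DC=partner,DC=net", "sAMAccountName": "carol",
     "memberOf": ["CN=group1,OU=Groups,DC=company,DC=com"]},
]


def _norm(value):
    # Strip whitespace around RDN separators and lower-case: AD compares DNs
    # (and most string attributes) case-insensitively.
    return ",".join(p.strip() for p in value.split(",")).lower()


def in_subtree(entry_dn, base_dn):
    """True if entry_dn equals base_dn or lies anywhere below it."""
    e, b = _norm(entry_dn), _norm(base_dn)
    return e == b or e.endswith("," + b)


def parse_filter(text):
    """Parse an LDAP filter string into a nested tuple tree."""
    pos = 0

    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(parse())
            if text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            if op == "!" and len(kids) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            return (op, kids)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not attr or not sep:
            raise ValueError("expected attr=value at offset %d" % pos)
        pos = end + 1
        return ("=", attr.strip(), value.strip())

    node = parse()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node


def _values(entry, attr):
    # Attribute names are case-insensitive in LDAP; single values become lists.
    for key, val in entry.items():
        if key.lower() == attr.lower():
            return val if isinstance(val, list) else [val]
    return []


def match(entry, node):
    """Evaluate a parsed filter tree against one entry."""
    op = node[0]
    if op == "&":
        return all(match(entry, k) for k in node[1])
    if op == "|":
        return any(match(entry, k) for k in node[1])
    if op == "!":
        return not match(entry, node[1][0])
    _, attr, value = node
    vals = _values(entry, attr)
    if value == "*":  # presence test
        return bool(vals)
    return any(_norm(v) == _norm(value) for v in vals)


def authorized(entry, base_dn, filter_text=None):
    """Assumed policy model: under the root, and matching the filter if one is set."""
    if not in_subtree(entry["dn"], base_dn):
        return False
    return filter_text is None or match(entry, parse_filter(filter_text))


def who_is_authorized(base_dn, filter_text=None):
    return [u["sAMAccountName"] for u in USERS if authorized(u, base_dn, filter_text)]


if __name__ == "__main__":
    group1 = "CN=group1,OU=Groups,DC=company,DC=com"
    print("root only:      ", who_is_authorized("DC=company,DC=com"))
    print("bare group name:", who_is_authorized("DC=company,DC=com", "(memberof=group1)"))
    print("group DN:       ", who_is_authorized("DC=company,DC=com", "(memberOf=%s)" % group1))
```

Adding the root alone admits every user under it regardless of OU, which is the answer's point; the bare (memberof=group1) form matches nobody against AD-style entries, while the same filter with the group's DN matches exactly the group members inside the root. Carol is a member of group1 but sits under another domain root, so she is excluded either way.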