Saturday, June 25, 2011

How Siteminder interacts with LDAP

See the linked article for the details:

How Siteminder interacts with LDAP

http://www.coreblox.com/blog/2009/06/how-siteminder-interacts-with-ldap/


Siteminder holds 3 connections open to each LDAP user directory.  They are as follows:
DIR: This connection is held open by the user who is configured in the “Credentials and Connections” tab of the User Directory.  The initial search for users in authentication is done over this connection, and any WRITE operations (due to Password Services) are also done over this connection.  There are a lot of questions about what permissions the Admin user needs to have, and it’s simple… if you will not be using Password Services, then the user just needs to have READ permissions to the section of the user directory where your users are (whatever you put in the Root DN of the directory).  If you will be using Password Services, then that user needs to at least have the same READ permissions, and also have WRITE permissions to the attributes in the User Attributes tab of the user directory.
USR: This connection is used by authentication to try the BINDs.  No other data is sent across this connection.  A BIND is attempted and if it works, then the user is authenticated.  The connection is left in that state, owned by the user who just bound.  When the next authentication attempt is made, the handling depends on the type of directory.  If the directory supports REBIND, then that is what is done, meaning the connection is never torn down; it is just taken over by the new BIND.  If the directory does not support REBIND (like AD), then the connection is unbound and a BIND is performed as the new user.
PING: This connection is used to monitor the health of the directory.  It sends a very basic search to the directory.  If it gets a response, then the directory is considered healthy, so the Policy Server will continue to send requests there.
The search has a blank Root DN, a scope of “base”, and looks for objectclass=*.  According to the LDAP spec (RFC 2251), every compliant LDAP server returns some basic information about itself and its capabilities (the root DSE) when it receives a query with those parameters:
ldapsearch -h <IP of directory> -b "" -s base objectclass=*
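The same health-check query on the wire, as an added example (not code from the original post or the CoreBlox article): it BER-encodes the RFC 2251 SearchRequest that the ldapsearch line above sends, and decodes one back so the fields of a captured PING can be checked. It assumes short-form BER lengths and a message ID below 128, both of which this request always satisfies.

```python
# Added example: encode/decode the root-DSE SearchRequest behind
# `ldapsearch -b "" -s base objectclass=*`. Assumes short-form BER lengths, message_id < 128.

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED, BOOLEAN = 0x30, 0x02, 0x04, 0x0A, 0x01
APP_SEARCH_REQUEST = 0x63   # [APPLICATION 3] SearchRequest, constructed
FILTER_PRESENT = 0x87       # Filter CHOICE [7] "present", primitive
SCOPE_NAMES = ("base", "one", "sub")

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, short-form length only (value shorter than 128 bytes)."""
    assert len(value) < 0x80, "short-form length only"
    return bytes([tag, len(value)]) + value

def build_root_dse_search(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, SearchRequest(base "", scope base, (objectClass=*)) }."""
    body = (
        tlv(OCTET_STRING, b"")                 # baseObject "" -> the root DSE
        + tlv(ENUMERATED, b"\x00")             # scope: baseObject (0)
        + tlv(ENUMERATED, b"\x00")             # derefAliases: neverDerefAliases (0)
        + tlv(INTEGER, b"\x00")                # sizeLimit 0 = server default
        + tlv(INTEGER, b"\x00")                # timeLimit 0 = server default
        + tlv(BOOLEAN, b"\x00")                # typesOnly FALSE
        + tlv(FILTER_PRESENT, b"objectClass")  # filter (objectClass=*)
        + tlv(SEQUENCE, b"")                   # attributes: empty list = all user attrs
    )
    return tlv(SEQUENCE, tlv(INTEGER, bytes([message_id])) + tlv(APP_SEARCH_REQUEST, body))

def read_tlv(buf: bytes, pos: int) -> tuple:
    """Return (tag, value, next_pos) for the short-form BER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def describe_search(msg: bytes) -> dict:
    """Extract base DN, scope and filter from an encoded SearchRequest (e.g. one taken
    from a capture) to confirm a monitor only asks the directory for the root DSE."""
    _, payload, _ = read_tlv(msg, 0)
    _, mid, pos = read_tlv(payload, 0)
    tag, body, _ = read_tlv(payload, pos)
    if tag != APP_SEARCH_REQUEST:
        raise ValueError("not a SearchRequest")
    _, base, pos = read_tlv(body, 0)
    _, scope, pos = read_tlv(body, pos)
    for _ in range(4):  # skip derefAliases, sizeLimit, timeLimit, typesOnly
        _, _, pos = read_tlv(body, pos)
    ftag, fval, _ = read_tlv(body, pos)
    flt = f"({fval.decode()}=*)" if ftag == FILTER_PRESENT else "<non-present filter>"
    return {"message_id": int.from_bytes(mid, "big"), "base": base.decode(),
            "scope": SCOPE_NAMES[scope[0]], "filter": flt}
```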

4 comments:

  3. What is the difference between r6 and r12?

    How did you install SiteMinder in your environment?

    How did you configure SSO in two different domains in the same network?