LDAP concerns
The following concerns apply to all supported LDAP user registries:
- No configuration steps are required for ISAM to support the Password Policy of LDAP. Security Verify Access does not assume the existence or non-existence of the Password Policy of the LDAP at all. ISAM enforces its own Password Policy first, and attempts to update the password in LDAP only when the provided password passes the ISAM Password Policy check. After that, Security Verify Access tries to accommodate the Password Policy of LDAP to the best of its ability by using the return code that it gets from LDAP during a password-related update. If ISAM can map the return code unambiguously to the corresponding ISAM error code, it does so and returns a proper error message.
- To take advantage of the multi-domain support in ISAM, use an LDAP user registry.
- When using an LDAP user registry, the capability to own global sign-on credentials must be explicitly granted to a user. After this capability is granted, it can be removed.
- Leading and trailing blanks in user names and group names are ignored when using an LDAP user registry in an ISAM secure domain. To ensure consistent processing regardless of the user registry, define user names and group names without leading or trailing blanks.
- Attempting to add a single duplicate user to a group does not produce an error when using an LDAP user registry.
- The Security Verify Access authorization API provides a credential attribute entitlements service. This service retrieves user attributes from a user registry. When this service is used with an LDAP user registry, the retrieved attributes can be string data or binary data.
- Sun Java System Directory Server concerns
  The following task describes how to modify the default value for the look-through limit on the directory server.
- Microsoft Active Directory Lightweight Directory Service (AD LDS) concerns
  This section describes concerns specific to Microsoft Active Directory Lightweight Directory Service (AD LDS).
- Microsoft Active Directory Server concerns
  The following concerns are specific to Microsoft Active Directory Server:
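
For the note above on leading and trailing blanks in user names and group names, the following pre-provisioning check is an added example, not code from the product or its documentation. It flags names that carry leading or trailing blanks and names that become identical once those blanks are ignored; the function names and the sample list are hypothetical, and "blank" is assumed to mean the ASCII space character.

```python
from collections import defaultdict


def normalize(name: str) -> str:
    """Name with leading/trailing blanks ignored, as the LDAP registry note describes.

    Assumption: "blank" means the ASCII space (U+0020) only; interior
    spaces are part of the name and are kept.
    """
    return name.strip(" ")


def audit_names(names):
    """Return (padded, collisions) for a list of user or group names.

    padded     -- names defined with leading or trailing blanks
    collisions -- {normalized name: [distinct raw spellings]} where more
                  than one spelling collapses to the same normalized name
    """
    padded = [n for n in names if n != normalize(n)]

    spellings = defaultdict(list)
    for n in names:
        key = normalize(n)
        if n not in spellings[key]:      # ignore exact repeats of one spelling
            spellings[key].append(n)

    collisions = {k: v for k, v in spellings.items() if len(v) > 1}
    return padded, collisions


# Constructed sample input (not taken from any real registry).
SAMPLE_NAMES = ["alice", " alice", "bob ", "carol", "web admins", "web admins "]

if __name__ == "__main__":
    padded, collisions = audit_names(SAMPLE_NAMES)
    for name in padded:
        print(f"padded name, redefine without blanks: {name!r}")
    for key, raw in collisions.items():
        print(f"spellings that collapse to {key!r}: {raw}")
```

A collision means two spellings that the LDAP registry handles as one name may not be handled as one name by a different user registry, which is the inconsistency the note warns about.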