When you add or modify an LDAP policy information point (PIP), you configure a
connection to an LDAP server. You also determine what information to use from the LDAP
directory.
Connection properties
- Name: Identifies the policy information point instance. This name must be unique to the instance. Do not use a predefined IBM Security Access Manager for Mobile policy information point issuer name. The name that you create is the issuer for any attributes that the policy information point instance returns.
- Description: Describes the policy information point. (Optional)
- Type: Specifies the policy information point type, which is LDAP. (Read only)
- Server Connection: Specifies the LDAP server from which to retrieve the attributes. Select one of the defined LDAP servers from the list. If the server you require is not available to select in the list, you must define it. See Managing server connections.
Attribute properties
- Base DN: Specifies the base DN of the directory server that determines where to search for attribute values. For example, you can specify o=Example_Organization,c=us.
- Search filter: Specifies the search filter for the attribute values you require. Any LDAP search filter is supported. For example, specify (|(objectclass=ePerson)(objectclass=Person)). You can also build the search dynamically at runtime by inserting attribute values into the filter. The attribute that you use must match the name field of that attribute. For example, (&(cn={username})(|(objectclass=ePerson)(objectclass=Person))).
- Search timeout (seconds): Specifies the amount of time in seconds that is allowed for a search operation before the LDAP server is considered to be down. The default is 120 seconds.
- Attribute: Specifies the attributes that are retrieved from a response and that can be used in a policy or risk score. Each attribute is mapped to an associated LDAP registry attribute. You can use one or more attributes, and you can add, modify, or delete attributes. The attributes that you add here must already be defined in the appliance local management interface. See Managing attributes for information on adding an attribute. Do not delete an attribute that is used in a policy or risk score.
- Selector: Specifies the name of an LDAP registry attribute.
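The runtime substitution described under Search filter is the point at which a value taken from a request becomes part of an LDAP query, so a correct implementation must escape the substituted value as RFC 4515 requires; otherwise a value that contains `*`, `(` or `)` changes the structure of the filter rather than being matched as data. The following Python is an added example, not code from the IBM appliance: the `render_search_filter` and `escape_filter_value` helpers and the attribute map are hypothetical, the placeholder syntax `{username}` is taken from the page, and whether the appliance itself escapes substituted values is not stated on this page.

```python
import re

# RFC 4515 escapes for the characters that are special inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# Placeholder syntax from the page is {attribute-name}; the allowed character set is an assumption.
_PLACEHOLDER = re.compile(r"\{([A-Za-z0-9_.-]+)\}")


def escape_filter_value(value: str) -> str:
    """Escape a value so the LDAP server can only treat it as data, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_search_filter(template: str, attributes: dict) -> str:
    """Replace every {name} in the template with the escaped value of that attribute.

    A placeholder whose name does not match an available attribute raises KeyError,
    so a misspelled name fails loudly instead of producing a filter that silently
    matches nothing.
    """
    def _substitute(match: re.Match) -> str:
        name = match.group(1)
        if name not in attributes:
            raise KeyError(f"search filter refers to attribute {name!r}, which is not available")
        return escape_filter_value(str(attributes[name]))

    return _PLACEHOLDER.sub(_substitute, template)


# Filter template from the page.
TEMPLATE = "(&(cn={username})(|(objectclass=ePerson)(objectclass=Person)))"

if __name__ == "__main__":
    # Constructed attribute values: an ordinary user name and one containing filter metacharacters.
    print(render_search_filter(TEMPLATE, {"username": "jdoe"}))
    print(render_search_filter(TEMPLATE, {"username": "j*doe (ldap)"}))
```

The escaping is applied per character, so a backslash already present in the value becomes `\5c` rather than being re-interpreted as the start of an existing escape, and the substituted filter always has the same number of parentheses as the template.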