Using the sample LDAP objects

There are 5 sample files that provide examples of policy definitions in LDAP:

For brief descriptions of these files, see Policy sample files. You can either use some or all of these predefined policies in the starter and advanced sets, or modify them as needed.

The recommended way to create customized policies is to copy the sample policies you want to change to the custom portion of the pagent.ldif file (under the appropriate cn=custom root, QoS or IDS), modify them as needed, and then point to the custom set as the search base on the ReadFromDirectory statement.

For example, the pagent.ldif file has the following hierarchical structure [this shows the relevant parts of the Distinguished Name (DN) for each object]:

o=IBM, c=US (root object)
    cn=repository (root of all reusable policy conditions and actions)
    ou=policy (root of all policy groups and rules)
       cn=groups (root of sample groups)
       cn=starter (root of simple starter set of policies)
           cn=IDS (IDS starter set - actually defined in file pagent_starter_IDS.ldif)
           cn=QoS (QoS starter set - actually defined in file pagent_starter_QOS.ldif)
       cn=advanced (root of advanced set of policies)
           cn=IDS (IDS advanced set - actually defined in file pagent_advanced_IDS.ldif)
           cn=QoS (QoS advanced set - actually defined in file pagent_advanced_QOS.ldif)
       cn=custom (root of customer-defined set of policies)
           cn=IDS (root of customer-defined IDS policies (empty))
           cn=QoS (root of customer-defined QoS policies (empty))

To obtain only the customized policies, specify the top custom policy group object as the search base on the ReadFromDirectory statement as follows:

ReadFromDirectory {
...
SearchPolicyBaseDN   dn:cn=custom, ou=policy, o=IBM, c=US
...
}

Note: If your LDAP server has a root structure other than "o=IBM, c=US", be sure to change the root structure in all the files you want to use by replacing every instance of "o=IBM, c=US" with the appropriate root used on your LDAP server.
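
The root replacement described in the note, as an added example (not part of the sample files or of any IBM tooling). It goes beyond a plain search-and-replace by also catching a root that is split across an LDIF line fold, spelled without spaces or in a different case, or held in a base64-encoded value. The new root "o=Example, c=GB" and the sample entries are constructed for illustration.

```python
import base64
import re

def unfold(text):
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def root_pattern(root):
    """Regex for a DN suffix, tolerant of spacing around ',' and '=' and of letter case."""
    rdns = []
    for rdn in root.split(","):
        attr, value = (p.strip() for p in rdn.split("=", 1))
        rdns.append(re.escape(attr) + r"\s*=\s*" + re.escape(value))
    # The look-arounds stop "o=IBM, c=US" from matching inside "o=IBM, c=USA".
    return re.compile(r"(?<![\w-])" + r"\s*,\s*".join(rdns) + r"(?![\w-])", re.IGNORECASE)

def rebase_ldif(text, old_root, new_root):
    """Return (rewritten_text, replacements). Output lines are left unfolded."""
    pattern, total, out = root_pattern(old_root), 0, []
    for line in unfold(text):
        b64 = re.match(r"([^:#\s][^:]*)::\s*(.*)$", line)
        if b64:  # base64 value (attr:: ...): decode, replace, re-encode
            try:
                plain = base64.b64decode(b64.group(2)).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                plain = ""  # binary value, nothing to rewrite
            plain, n = pattern.subn(lambda _: new_root, plain)
            if n:
                encoded = base64.b64encode(plain.encode("utf-8")).decode("ascii")
                line = f"{b64.group(1)}:: {encoded}"
        else:
            line, n = pattern.subn(lambda _: new_root, line)
        total += n
        out.append(line)
    return "\n".join(out) + "\n", total

# Constructed sample (not from pagent.ldif): folded DN, compact root, base64 value.
SAMPLE = (
    "dn: cn=IDS, cn=custom, ou=policy, o=IB\n M, c=US\n"
    "cn: IDS\n"
    "seeAlso: cn=repository,o=ibm,c=us\n"
    "description:: " + base64.b64encode(b"copied from ou=policy, o=IBM, c=US").decode() + "\n"
)
```

Run it over each .ldif file you intend to load and compare the returned replacement count with what you expect for that file; the same new root then goes into SearchPolicyBaseDN.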