Auditing SiteMinder Policy server connections to LDAP backend stores (policy+user)

I’ve seen it time and time again from the number of organizations that we’ve worked with in the past – security auditing is treated with low priority – specifically firewalls between intermediary components and devices and in some extreme cases data encryption between those same devices. So it goes without saying that any component accessing the corporate directory, i.e. LDAP, should be treated the same as any user accessing directory information. As a standard practice in ANY of our SiteMinder deployments, we generally follow the same access and security policy that accesses (search, create, delete) to the underlying store must be done using a named account (i.e. uid=ssoadmin,ou=people rather than using a generic account or using the native LDAP superuser account “cn=Directory Manager”) for audit and security purposes.

By configuring the above, this will provide:

1. Additional audit information and data from the underlying component.

2. From a troubleshooting standpoint this enables the directory administrators to quickly narrow down and locate potentially “erroneous” connections originating from the policy server.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

  1. Hi team,

    How can we fine tune the performance of the CA siteminder V6 policy server and sitemider agent ,in a multiple B2B environment .

    Please do let me know your thoughts on this


Leave a Reply

Your email address will not be published. Required fields are marked *