Using WAMUI to configure a policy you have a button to add all users in a user store to the policy, so when a new user appears on the directoy is automatically added to the policy.
If you works with PERL CLI to automate some policy creations, in the Netegrity::PolicyMgtPolicy class is available a method call addUser to add a individual user to the policy, but there isn't a method to add "all users".
If you made a loop to add the directoy users using adduser method, the new users added to the directory will not be available at the policy.
In Java API already exist a method to do this with user class:
void
setFilterClass(java.lang.String filterClass)
Sets the filter class of the user policy.
void
setFilterPath(java.lang.String filterPath)
Sets the filter path of the user policy.
https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/programming-reference/legacy-sm-java-sdk/com/netegrity/sdk/policyapi/SmUserPolicy.html#setFilterClass(java.lang.String)
So the idea is to add addalluserclass method to the perl CLI.
This idea is derived from Support Case 00375892
I have been battling this issue for a while... Is the following a possible workaround until formally implemented?
The gist of this is to obtain the Netegrity::PolicyMgtUser object from an existing All Users entry created by the WAMUI. Then use/source that object when performing the Netegrity::PolicyMgtPolicy->AddUser.
i.e. The following snippet had DomainTemplate (Domain) and PolicyTemplate (Domain Policy) objects pre-defined by the WAMUI and has 'ALL' users bound to the policy (only one user directory is bound to the policy):
my $domainTemplateObj = $session->GetDomain("DomainTemplate");
my $policyTemplateObj = $domainTemplateObj->GetPolicy("PolicyTemplate");
my $userDirTemplateObj = $domainTemplateObj->GetUserDirSearchOrder();
my $allUserObj = $policyTemplateObj->GetAllUsers($userDirTemplateObj);
# Note: $newPmPolicyObj is the target/new policy to assign all users.
$newPmPolicyObj->AddUser($allUserObj) and warn "Cannot add 'ALL' users to policy\n";
Would love to get confirmation if this is a valid workaround.