Symantec Access Management

  • Private Community

  • 1.  PolicyMgtApi - How do I add 'all' users using the Perl API?

    Posted Jan 03, 2014 11:17 AM

    I am trying to add an 'all' user to a policy I have created using the Perl PolicyMgtAPI, but am not sure how to accomplish this. 
     

    Here is what I have:
    $userDirObj = $session->GetUserDir("UserDirName");
    $domainObj = $session->CreateDomain("DomainName","DomainDescription",1);

    $domainObj->AddUserDir( $userDirObj );
    $realmObj = $domainObj->CreateRealm("RealmName", $session->GetAgentGroup("AgentGroupName"), $session->GetAuthScheme("AuthSchemeName"), "RealmDescription", "/", 1, 1, 1, 7200, 3600, 0);
    $policyObj = $domainObj->CreatePolicy("PolicyName","PolicyDescription",1);
    $policyObj->AddRule( $realmObj->CreateRule("RuleName", "RuleDescription", "GET,POST", "*", 1, 0, "", 1) );
    $policyObj->AddUser( HOW DO I ADD 'all' USERS );



  • 2.  RE: PolicyMgtApi - How do I add 'all' users using the Perl API?

    Broadcom Employee
    Posted Jan 03, 2014 11:46 AM

    Hello brettcarroll,

    Try adding a loop to process users like this:

     

    $user=$userdir->LookupEntry($userid_string);
    if(defined $user) {
    $policy->AddUser($user);
    print "\tThat Works!!!\n\n\n";
    } else {
    print "User not found\n\n\n"
    }
    print "\tThat Works!!!\n\n";
    } else {
    print "User not found\n\n"
    }
    print "my list of policy users...\n\n";
    @users = $policy->GetAllUsers()
    etc.

     

    best wishes.
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

     



  • 3.  RE: PolicyMgtApi - How do I add 'all' users using the Perl API?

    Posted Jan 03, 2014 12:53 PM

    That works for adding users that I know about, but what if I want to Authorize everyuser that is authenticated? 

    Using the FSS Admin UI I would add a manual entry item named all. This adds a user named all with a UserClass all. This way every user in the UserDirectory is Authorized.  I am not clear how to accomplish thist same thing using the Perl PolicyMgtAPI.  Do I really need to loop through every user and add each user to the policy (1000's of users)?



  • 4.  RE: PolicyMgtApi - How do I add 'all' users using the Perl API?

    Broadcom Employee
    Posted Jan 03, 2014 12:59 PM

    Hello brettcarroll,

     

    See if this helps. Add custom your object class to the registry, reboot and test. This section.

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\PolicyRes

    olution

    <your custom object class name>= 0x1; REG_DWORD

    best wishes. - Vijay

     
     
     

     



  • 5.  Re: PolicyMgtApi - How do I add 'all' users using the Perl API?
    Best Answer

    Posted Jul 28, 2014 12:49 PM

    In the Admin UI, when specifying Authorized Users in a Policy, the world "All" can be used to authorize all authenticated users.  Using the SiteMinder Policy Management API (Netegrity::PolicyMgtAPI module in perl), there isn't anything documented that states how to programatically achieve the same functionality of authorizing all authenticated users.

     

     

    I created a script to print out the configuration of a Policy that allows "All" users.  It looks like the query that is executed when All is specified is (ObjectClass=*)