Symantec Access Management

Tech Tip : CA Single Sign-On : How to configure the Policy Server Registry Key EnableSearchFilterCheck ?


    Broadcom Employee
    Posted Jan 02, 2017 05:51 AM

    Question :

     

    How does the Policy Server EnableSearchFilterCheck registry key work?

     

    Environment :

     

    Policy Server R12.52 SP1 CR01 on RedHat 6;

     

    Answer :

     

    The Policy Server EnableSearchFilterCheck Registry Key should be configured as follows :

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\Siteminder\Ds\LDAPProvider\EnableSearchFilterCheck

     

    Key: EnableSearchFilterCheck
    Type: REG_DWORD
    BASE: Decimal

     

    where the values can be :

     

    EnableSearchFilterCheck = 0
    No Filter check for Search calls

     

    EnableSearchFilterCheck = 1
    Impose check on Filter to comply with RFC

     

    EnableSearchFilterCheck > 1
    Impose check on Filter to comply with RFC and block the search call if it does not comply with RFC.

     

    This key may help resolve syntax errors in LDAP search filters, such as the following incorrectly formed filter:
    (CN=\28|\28cn=myname\29\28mail=myname@ca.com\29\29)

     

    KB : TEC1630034
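To see what a directory receives from the sample filter above, the following added example (not part of the original post, not Broadcom code, and not the Policy Server's own check) decodes the RFC 4515 `\XX` escapes in a single `(attr=value)` item and reports when the decoded value is itself shaped like a filter. The function names `decode_value`, `looks_like_filter` and `inspect_item` are hypothetical.

```python
import re

# Constructed input: the sample filter quoted in the post above.
SAMPLE = r"(CN=\28|\28cn=myname\29\28mail=myname@ca.com\29\29)"

_ITEM = re.compile(r"^\(([A-Za-z][A-Za-z0-9;.-]*)=(.*)\)$", re.S)
_HEX2 = re.compile(r"[0-9A-Fa-f]{2}")


def decode_value(value):
    """Decode RFC 4515 \\XX escapes; reject raw '(' ')' NUL and bad escapes."""
    out = bytearray()
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            pair = value[i + 1:i + 3]
            if not _HEX2.fullmatch(pair):
                raise ValueError(f"bad escape at offset {i}")
            out.append(int(pair, 16))
            i += 3
        elif ch in "()\x00":
            raise ValueError(f"unescaped {ch!r} at offset {i}")
        else:
            out += ch.encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")


def looks_like_filter(text):
    """True when text is one parenthesised group with balanced parentheses."""
    if not (text.startswith("(") and text.endswith(")")):
        return False
    depth = 0
    for pos, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and pos < len(text) - 1):
            return False
    return depth == 0


def inspect_item(filter_text):
    """Split one (attr=value) item and describe its decoded assertion value."""
    m = _ITEM.match(filter_text)
    if not m:
        raise ValueError("not a single (attr=value) item")
    attr, value = m.groups()
    decoded = decode_value(value)
    return {"attribute": attr, "decoded_value": decoded,
            "value_is_filter_shaped": looks_like_filter(decoded)}
```

For the sample, the decoded value of `CN` is the whole string `(|(cn=myname)(mail=myname@ca.com))`, so the directory is asked for an entry whose CN equals that literal text.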