Patrick-Dussault

Tech Tip : CA Single Sign-On : How to configure the Policy Server Registry Key EnableSearchFilterCheck ?

Discussion created by Patrick-Dussault Employee on Jan 2, 2017

Question :

 

How the Policy Server EnableSearchFilterCheck Registry Key works?

 

Environment :

 

Policy Server R12.52 SP1 CR01 on RedHat 6;

 

Answer :

 

The Policy Server EnableSearchFilterCheck Registry Key should be configured as follows :

 

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\Siteminder\Ds\LDAPProvider\EnableSearchFilterCheck

 

Key: EnableSearchFilterCheck
Type: REG_DWORD
BASE: Decimal

 

where the values can be :

 

EnableSearchFilterCheck = 0
No Filter check for Search calls

 

EnableSearchFilterCheck = 1
Impose check on Filter to comply with RFC

 

EnableSearchFilterCheck > 1
Impose check on Filter to comply with RFC and block the search call if it does not comply with RFC.

 

This Key may be helpful to solve syntax error in LDAP Search filter such as :
Wrong syntax of LDAP search filter:
(CN=\28|\28cn=myname\29\28mail=myname@ca.com\29\29)

 

KB : TEC1630034

Outcomes