Question asked by Makesh.T Employee on May 21, 2018
Latest reply on May 21, 2018

This is on SSO 12.7 SP2 (RHEL 7.x), AD 2012 as the user Store.


The SMTrace log has several LDAP search queries related to "objectclass=*"; it's not reading the global search filters from the sm.registry file shown below. The Active Directory server team mentioned they saw queries that try to find 6 million+ entries. I would think it might be SiteMinder sending a broader query, "objectclass=*".




LDAP:=                  inetOrgPerson,organizationalPerson,person;      REG_SZ
LDAP:=                  groupOfNames,groupOfUniqueNames,group;  REG_SZ
LDAP:=                  organization,organizationalUnit;        REG_SZ
LDAP:=                  organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group;  REG_SZ



Both the "User Object" and "User Class" properties are BLANK in the user Directory definition.

Any idea why SM defaults its search filter to "objectclass=*" and is not using the filters from the registry settings?