Question :
How does the Policy Server EnableSearchFilterCheck registry key work?
Environment :
Policy Server R12.52 SP1 CR01 on RedHat 6
Answer :
The Policy Server EnableSearchFilterCheck Registry Key should be configured as follows :
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\Siteminder\Ds\LDAPProvider\EnableSearchFilterCheck
Key: EnableSearchFilterCheck
Type: REG_DWORD
BASE: Decimal
where the values can be :
EnableSearchFilterCheck = 0
No filter check is performed for search calls.
EnableSearchFilterCheck = 1
The filter is checked for compliance with the RFC.
EnableSearchFilterCheck > 1
The filter is checked for compliance with the RFC, and the search call is blocked if the filter does not comply.
This key may help resolve syntax errors in LDAP search filters, such as the following.
Wrong syntax of LDAP search filter :
(CN=\28|\28cn=myname\29\28mail=myname@ca.com\29\29)
KB : TEC1630034