Layer7 Access Management

Tech Tip : CA Single Sign-On : Policy Server :: HouseKeeping Thread LDAP Request : xpsCategory

  • 1.  Tech Tip : CA Single Sign-On : Policy Server :: HouseKeeping Thread LDAP Request : xpsCategory

    Posted 12-23-2016 05:15 AM

    Question :

     

    Running Policy Server, the CA Directory Policy Store reports searches like :

     

      ! [7] 20151103.000204.436 #103.15596 TIME : SEARCH 0
      msecs dn="ou=XPS,ou=policysvr4,ou=siteminder,
      ou=netegrity,cn=siteminder" scope=one-level eis=all
      filter=(&(objectClass=xpsObject)(|(xpsCategory=2)
      (xpsCategory=3))(|(modifyTimestamp>=20151102101428.060Z)
      (createTimestamp>=20151102101428.060Z)))

     

    What is the meaning of xpsCategory values ?

     

    Environment :

     

    SiteMinder 12SP3 onwards

     


    Answer :

     

      xpsCategory=1 is data dictionary object
      xpsCategory=2 is regular object, like any objects you'll find under "PolicyData" in an export of the Policy Store .xml file
      xpsCategory=3 is security object, like any objects you'll find under "SecurityData" in an export of the Policy Store .xml file

     

    So during housekeeping process, the Policy Server uses filter

     

       (&(objectClass=xpsObject)(|(xpsCategory=2)(xpsCategory=3))

     

    It's looking for Policy objects or Security objects that have changed.

     

    KB : TEC1242723