I have a User Group in LDAP Directory by name 123-All-Bricks-56789 (cn=123-All-Bricks-56789 ,ou=groups,ou=Masters,dc=contoso,dc=corp)
for which I setup overwrite in APS.CFG for Max Failures on SiteMinder Policy Server 12.8.2 (I have only one SM Policy Server in this environment pointing to only 1 LDAP User Store)
While my override for example works as in the below example where givenName is for example my last name:
Max Failures=3
//WORKS
Max Failures={givenName="Smith"}9
It does not work for 123-All-Bricks-56789 group for some reason.
I tried different ways because I really want to set up override for all groups which end with 56789.
This is what I tried:
//For all users:
Max Failures=3
//Then for the specific group of users cn=123-All-Bricks-56789,ou=groups,ou=Masters,dc=contoso,dc=corp
//I tired each of the bellow of course commenting out and testing one by one:
Max Failures={CONTAINS:cn="123-All-Bricks-56789,ou=groups,ou=Masters,dc=contoso,dc=corp"}6
Max Failures={ENDSWITH:cn="56789"}7
Max Failures={ENDS_WITH:cn="56789"}7
Max Failures={EndsWith:cn~"56789"}7
Max Failures={IsInGroup"cn=123-All-Bricks-56789,ou=groups,ou=Masters,dc=contoso,dc=corp")7
Max Failures={cn=123-All-Bricks-56789}7
Max Failures={cn="123-All-Bricks-56789"}7
I think the problem is with APS syntax.
What am I missing please?
Thank you,
Eddie
------------------------------
Systems Engineer
------------------------------