To configure a global security policy, you must add a policy element after the Canonicalizations section in the LdapConfig section of the TdgssUserConfigFile.xml, and add the necessary attributes and values.
A global policy can contain the following attributes.
Attribute Name | Required | Description |
---|---|---|
Ref | Yes | Specifies the service (directory) that contains the global policy. |
LdapPolicyFQDN | Yes | Specifies the FQDN of the policy container in the directory that contains the global policy structure. |
LdapNetworkBaseFQDN | No | Locates the container for ipNetwork entries. If no value is present for LdapNetworkBaseFQDN, the system does not use the client IP address for determining the applicable QOP policy or options. |
For example:
<LdapConfig> <Tls ... /> <Services> ... <Services> <Canonicalizations> ... </Canonicalizations> <Policy Ref="globalpolicysvc" LdapPolicyFQDN="?" LdapNetworkBaseFQDN="dc=domain,dc=com"/> </Policy> </LdapConfig>