2.2.3.1 Policy Location, Name, and Description Retrieval
When retrieving the assigned policy location, name, and description, an LDAP SearchRequest message MUST be sent to the domain controller with the parameters that follow:
| Parameter | Value |
|---|---|
| baseObject | The IPsec policy DN that corresponds to the GPO in which to search for IPsec protocol settings: cn=ipsec,cn=Windows,cn=Microsoft,cn=Machine,cn={GPO GUID},cn=policies,cn=system,<domain naming context> |
| Scope | This value MUST be equal to 0, for the baseObject scope (as defined in [RFC2251]). |
| derefAliases | This MUST be set to 0 (neverDerefAliases), so that aliases are not dereferenced in searching. |
| sizeLimit | No limit is set (this MUST be set to 0). |
| timeLimit | The time limit MUST be infinite (it MUST be set to 0). |
| typesOnly | This MUST be set to FALSE as defined in [RFC2251]. |
| Filter | The following LDAP filter (as specified in [RFC2254]) MUST be used: (objectclass=*) |
| Attributes | None |

If the preceding LDAP SearchRequest succeeds, then the following LDAP SearchRequest message MUST be sent to the domain controller with the parameters that follow:
| Parameter | Value |
|---|---|
| baseObject | The IPsec policy DN that corresponds to the GPO in which to search for IPsec protocol settings: cn=ipsec,cn=Windows,cn=Microsoft,cn=Machine,cn={GPO GUID},cn=policies,cn=system,<domain naming context> |
| Scope | This value MUST be equal to 0, for the baseObject scope (as defined in [RFC2251]). |
| derefAliases | This MUST be set to 0 (neverDerefAliases), so that aliases are not dereferenced in searching. |
| sizeLimit | No limit is set (this MUST be set to 0). |
| timeLimit | The time limit MUST be infinite (it MUST be set to 0). |
| typesOnly | This MUST be set to FALSE as defined in [RFC2251]. |
| Filter | The following LDAP filter (as specified in [RFC2254]) MUST be used: (objectclass=*) |
| Attributes | This field MUST specify the attributes ipsecOwnersReference, description, and ipsecName, as specified in section 2.2.2. |
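
The two requests above, BER-encoded as they would appear on the wire per [RFC2251]; this is an added example, not code from the specification, useful as a reference when writing a protocol decoder or a conformance test. Assumptions: "None" for Attributes is encoded as an empty attribute list, the GPO container name is passed with its braces, and the GUID, naming context and message IDs are constructed sample values.

```python
# Added example: BER encoding (RFC 2251) of the two SearchRequests in this section.
POLICY_ATTRS = ("ipsecOwnersReference", "description", "ipsecName")

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def ber_int(tag: int, v: int) -> bytes:
    """INTEGER (0x02) or ENUMERATED (0x0A), non-negative values only."""
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ipsec_policy_dn(gpo_cn: str, naming_context: str) -> str:
    """baseObject from the tables; gpo_cn is the GPO container name (assumed braced)."""
    return ("cn=ipsec,cn=Windows,cn=Microsoft,cn=Machine,cn=%s,"
            "cn=policies,cn=system,%s" % (gpo_cn, naming_context))

def search_request(msg_id: int, base_dn: str, attributes=()) -> bytes:
    body = b"".join([
        tlv(0x04, base_dn.encode()),   # baseObject (LDAPDN, OCTET STRING)
        ber_int(0x0A, 0),              # scope = 0, baseObject
        ber_int(0x0A, 0),              # derefAliases = 0, neverDerefAliases
        ber_int(0x02, 0),              # sizeLimit = 0, no limit
        ber_int(0x02, 0),              # timeLimit = 0, no limit
        tlv(0x01, b"\x00"),            # typesOnly = FALSE
        tlv(0x87, b"objectclass"),     # (objectclass=*) is the "present" filter, tag [7]
        tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attributes)),
    ])
    # LDAPMessage ::= SEQUENCE { messageID, [APPLICATION 3] SearchRequest }
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))

def retrieval_requests(gpo_cn: str, naming_context: str, first_id: int = 1):
    """First request (no attributes), then the location/name/description read."""
    dn = ipsec_policy_dn(gpo_cn, naming_context)
    return (search_request(first_id, dn),
            search_request(first_id + 1, dn, POLICY_ATTRS))

if __name__ == "__main__":
    # Constructed sample values, not taken from the specification.
    for msg in retrieval_requests("{00000000-0000-0000-0000-000000000000}",
                                  "DC=example,DC=test"):
        print(msg.hex())
```
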