We need to map extension14 field (that comes with Exchange in Active Directory, and is recommended by Microsoft as a way to add custom information) in CA Advanced Authentication.
We have organizationalPerson as schema.
When we go to the mapping stage of the wizard the extension14 attribute isn't available for mapping.
What can be done to use this attribute for mapping ? (for this specific need extension14 will be used to map the mobile phone number for SMS Enrolment)
Customers use this extension attribute because they are using this same attribute for mobile phones that they use for strong authentication to their VPN infrastructure (which isn’t based on Broadcom/Symantec product).
They also wanted to keep this mobile number separate from the telephone field in AD which they historically used for the fixed line.
So the requirement is to be able to see this attribute in Advanced Authentication when mapping the LDAP Enterprise fields.
Release : 9.1
Component : AuthMinder(Arcot WebFort)
Enterprise LDAP Attributes" that are being listed at AA side are based on the Schema Name that we provide while org creation.
AA is fetching the attributes of the schema that we provided and its members till top class, which is as per design
Ex. If we provide the Schema Name as organizationalPerson, it gets the attributes of organizationalPerson class, attributes of its parent class person till attributes of Top class.
After exploring it is observed that extensionAttribute1 to extensionAttribute15 are part of msExchCustomAttributes class which is not in the hierarchy.
As of now as AA is working as designed, if the customer need the extension attributes to be part of "Enterprise LDAP Attributes" it should be raised as enhancement in the Broadcom communities page.
There is a workaround which can be applied in this case and please follow the below steps.
Please, see this article
https://www.windowstechno.com/how-to-create-custom-attributes-in-active-directory/ -> Assigning Custom Attributes to User Class.
In your scenario the it will be not "User" but "organizationalPerson".
If you want to try the steps, please, test it as per the article, but the script to generate the OID you can take from here http://paste.keks.be/565.