
Need to be able to map extension14 attribute from Exchange server


Article ID: 230034


Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

We need to map the extension14 field (which comes with Exchange in Active Directory and is recommended by Microsoft as a way to add custom information) in CA Advanced Authentication.

We have organizationalPerson as schema.

When we go to the mapping stage of the wizard the extension14 attribute isn't available for mapping.

What can be done to use this attribute for mapping? (For this specific need, extension14 will be used to map the mobile phone number for SMS Enrolment.)

The customer uses this extension attribute because they are using this same attribute for mobile phones that they use for strong authentication to their VPN infrastructure (which isn’t based on a Broadcom/Symantec product).

They also wanted to keep this mobile number separate from the telephone field in AD which they historically used for the fixed line.

So the requirement is to be able to see this attribute in Advanced Authentication when mapping the LDAP Enterprise fields.

 

Environment

Release : 9.1

Component : AuthMinder(Arcot WebFort)

Resolution

The "Enterprise LDAP Attributes" listed on the AA side are based on the Schema Name provided during organization creation.
AA fetches the attributes of that schema class and of its parent classes up to the top class, which is as designed.
For example, if the Schema Name is organizationalPerson, AA gets the attributes of the organizationalPerson class, then the attributes of its parent class person, and so on up to the attributes of the top class.

After exploring, it was observed that extensionAttribute1 to extensionAttribute15 are part of the msExchCustomAttributes class, which is not in this hierarchy.

Because AA is working as designed, if the customer needs the extension attributes to be part of "Enterprise LDAP Attributes", this should be raised as an enhancement request on the Broadcom Communities page.

There is a workaround that can be applied in this case; follow the steps below.

See this article:

https://www.windowstechno.com/how-to-create-custom-attributes-in-active-directory/ -> Assigning Custom Attributes to User Class.

In your scenario, the class will be not "User" but "organizationalPerson".

If you want to try the steps, test them as per the article, but you can take the script to generate the OID from http://paste.keks.be/565.
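The sketch below is an added example, not Broadcom's code: it models the attribute lookup described in the Resolution (schema class, then each parent up to top) over a schema export, and can be used to check the result before and after the workaround. The LDIF sample is constructed and abbreviated, and `assign_optional` assumes the workaround leaves the attribute listed as an optional (`mayContain`) attribute on organizationalPerson.

```python
# SAMPLE_LDIF: constructed, abbreviated classSchema entries, not a real schema export.
SAMPLE_LDIF = """\
dn: CN=Top,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: top
subClassOf: top

dn: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: person
subClassOf: top
systemMayContain: telephoneNumber

dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: organizationalPerson
subClassOf: person
systemMayContain: title

dn: CN=ms-Exch-Custom-Attributes,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: msExchCustomAttributes
subClassOf: top
mayContain: extensionAttribute14
"""
FIELDS = ("mustContain", "systemMustContain", "mayContain", "systemMayContain")

def parse_classes(ldif):
    """Map each class's lDAPDisplayName to its {attribute: [values]} entry."""
    classes = {}
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for key, _, value in (line.partition(": ") for line in block.splitlines()):
            entry.setdefault(key, []).append(value)
        classes[entry["lDAPDisplayName"][0]] = entry
    return classes

def inherited_attributes(classes, schema_name):
    """Attributes of schema_name and of each parent, following subClassOf to top."""
    attrs, seen, current = set(), set(), schema_name
    while current not in seen:  # top is its own parent here, which ends the walk
        seen.add(current)
        attrs.update(a for f in FIELDS for a in classes[current].get(f, []))
        current = classes[current]["subClassOf"][0]
    return attrs

def owning_classes(classes, attribute):
    # Classes that list the attribute directly, inside or outside the chain.
    return sorted(n for n, e in classes.items()
                  if any(attribute in e.get(f, []) for f in FIELDS))

def assign_optional(classes, class_name, attribute):
    """Model the workaround: list the attribute as optional on the class itself."""
    classes[class_name].setdefault("mayContain", []).append(attribute)
```

With the sample data, `inherited_attributes(classes, "organizationalPerson")` omits extensionAttribute14 until `assign_optional` is applied to organizationalPerson.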