Creating UNIX v2 accounts results in default value 0 for some attribute fields
Article ID: 244321
Updated On:
Products
Issue/Introduction
When creating accounts on UNIX_V2 endpoint he account creation is happening normally, but the Password MAX password parameters. AGE, Password MIN. AGE, Password MIN. Length, Password MIN. APHA, Password MIN. Other, Password MAX REPEATED and Password MIN Different are getting set with a value of 0 even though the Account Template had no values set for these fields.
Will the connector always send the value of 0 or is there any way to send the empty value? A pattern was created within the OS and we wanted that when a user is created it would receive the OS pattern and not the value of 0 sent by Identity Manager.
Environment
All Identity Manager
Cause
The application is currently working as designed. If you were to look at the Unix v2 Connector metadata xml we can see that the connector is designed to have default values. For example we can see that Password Max Age which is mapped to eTDYN-str-multi-19 is configured with a default=true and value=0 as shown below:
<property name="eTDYN-str-multi-19">
<doc>Specifies the maximum age, in weeks, of a password. The password must be changed by this time. </doc>
<value default="true">
<intValue>0</intValue>
</value>
If no explicit value is provided during account creation time then the default value for the connector will be used as you are seeing.
Resolution
If there are specific values set on the OS side which you would like to be used then the suggestion would be to set those same values on the Account Template so they can be passed in by the IM application.
You would need to open an Idea to suggest a product enhancement for future consideration if you would like to suggest that the connector not have default values and instead allow it to use OS set values on the following site selecting Symantec IGA as the category:
https://community.broadcom.com/ideation/allideas
Feedback
