Active Directory Attributes for IdentityMinder (Legacy_Onyx KB Id: 140864)

Article ID: 54818

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

You are creating the directory.xml file for your Active Directory user store and want suggestions for the following required fields for IdentityMinder:

##ADMIN_ROLE_CONSTRAINT
##ADMIN_SCOPE
##DISABLED_STATE (=userAccountControl?)
##PASSWORD_HINT (=userParameters?)
##GROUP_ADMIN
##SELF_SUBSCRIBING_FLAG

Environment

Release:
Component: IDMIND

Resolution

IdentityMinder will work with _any_ attribute that meets the conditions stated in the "valuetype" XML attribute of the corresponding ImsManagedObjectAttr element.

For example,

<ImsManagedObjectAttr physicalname="otherIpPhone" displayname="Admin roles" description="Used as a constraint for IM admin roles" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_ROLE_CONSTRAINT%" maxlength="0" system="true" hidden="true"/>

In this case, the admin role constraint attribute is of type String, so any attribute of type String (as defined by your directory) will do just fine.

Having said that, I can give you some examples. I have used these in the past. The trickiest part is making sure that the attributes you use are not being used by another application accessing your Active Directory. When customers deploy this, it is a good idea to define custom attributes for the attributes that IdentityMinder uses for special purposes (the first four listed below):

<ImsManagedObjectAttr physicalname="otherIpPhone" displayname="Admin roles" description="Used as a constraint for IM admin roles" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_ROLE_CONSTRAINT%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="otherMobile" displayname="Administrative Scope" description="User's Administrative Scope" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_SCOPE%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="info" displayname="Disabled State" description="Disabled State" valuetype="String" required="false" multivalued="false" wellknown="%ENABLED_STATE%" maxlength="0"/>

<ImsManagedObjectAttr physicalname="wWWHomePage" displayname="Password Hint" description="Password Hint" valuetype="String" required="false" multivalued="false" wellknown="%PASSWORD_HINT%" maxlength="0"/>

<ImsManagedObjectAttr physicalname="url" displayname="Group Admin" description="Group Admin" valuetype="String" required="false" multivalued="true" wellknown="%GROUP_ADMIN%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="info" displayname="Self Subscribing" description="Self Subscribing Flag" valuetype="String" required="false" multivalued="false" wellknown="%SELF_SUBSCRIBING%" maxlength="0"/>
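
A check for the attribute-collision risk described above, as an added example that is not part of the original article or of the product. It reads the ImsManagedObjectAttr mappings from a directory.xml and reports physical attributes that back more than one well-known attribute (as "info" does in the examples above) or that appear in an inventory of attributes other applications use. The function names, the simplified wrapper element and the inventory list are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: this article's six mappings, trimmed to the attributes
# the check reads, inside a simplified wrapper element.
SAMPLE = """<Directory>
 <ImsManagedObjectAttr physicalname="otherIpPhone" valuetype="String" wellknown="%ADMIN_ROLE_CONSTRAINT%"/>
 <ImsManagedObjectAttr physicalname="otherMobile" valuetype="String" wellknown="%ADMIN_SCOPE%"/>
 <ImsManagedObjectAttr physicalname="info" valuetype="String" wellknown="%ENABLED_STATE%"/>
 <ImsManagedObjectAttr physicalname="wWWHomePage" valuetype="String" wellknown="%PASSWORD_HINT%"/>
 <ImsManagedObjectAttr physicalname="url" valuetype="String" wellknown="%GROUP_ADMIN%"/>
 <ImsManagedObjectAttr physicalname="info" valuetype="String" wellknown="%SELF_SUBSCRIBING%"/>
</Directory>"""


def load_wellknown(xml_text):
    """Return {physicalname (lower-cased): [wellknown, ...]}."""
    mapping = defaultdict(list)
    for el in ET.fromstring(xml_text).iter():
        # Compare the local name so a namespaced file is handled too.
        if el.tag.rsplit("}", 1)[-1] != "ImsManagedObjectAttr":
            continue
        phys, wk = el.get("physicalname"), el.get("wellknown")
        if phys and wk:
            # LDAP attribute names are case-insensitive.
            mapping[phys.lower()].append(wk)
    return dict(mapping)


def shared_physical(mapping):
    """Physical attributes that back more than one well-known attribute."""
    return {p: wks for p, wks in mapping.items() if len(wks) > 1}


def in_use_elsewhere(mapping, reserved):
    """Mappings that land on an attribute another application already uses."""
    taken = {name.lower() for name in reserved}
    return {p: wks for p, wks in mapping.items() if p in taken}


if __name__ == "__main__":
    found = load_wellknown(SAMPLE)
    # Hypothetical inventory: attributes other applications are assumed to use.
    reserved = ["wWWHomePage", "otherMobile"]
    for phys, wks in shared_physical(found).items():
        print(f"SHARED   {phys}: {', '.join(wks)}")
    for phys, wks in in_use_elsewhere(found, reserved).items():
        print(f"CONFLICT {phys}: {', '.join(wks)}")
```

Run it against the real file by passing its contents to load_wellknown; the inventory of attributes in use elsewhere has to come from your own directory review.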