Virtual Appliance - Extending the Group Object Class
Article ID: 93001
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
The documentation shows how to add custom user attributes with the imUserAux class. How do we add custom attributes to Group objects?
Environment
CA Identity Manager Virtual Appliance 14.x
Resolution
As a "dsa" user, create an im_group_aux.dxc file in ~dsa/config/schema. Following is a sample:
#
#
# IM Unified Group (UG) auxiliary Schema
#
#
schema set oid-prefix im-UGA-attr = (1.3.6.1.4.1.791.2.3.5.3.6495.1);
schema set oid-prefix im-UGA-oc = (1.3.6.1.4.1.791.2.3.5.3.6495.2);
schema set oid-prefix im-UGA-nb = (1.3.6.1.4.1.791.2.3.5.3.6495.3);
# Use the commented schema set attribute below as a sample for additional
# auxilary attributes. Add the attributes name to the must-contain if they are
# required for oparation or to the may-contain section if you just want them
# visible in LDAP browsing tools
#schema set attribute im-UGA-attr:1 = {
# name = imAuxAttr1
# ldap-names = imAuxAttr1
# equality = caseIgnoreMatch
# syntax = directoryString
# single-valued
#};
# objectClass configuration
schema set object-class im-UGA-oc:1 = {
name = imGroupAux
subclass-of imGroup
kind = auxiliary
# Add mandatory attribute names to the must-contain section
# must-contain
# Add non-mandatory attribute names to the may-contain section
# may-contain
};
Add additional attributes to this as you would with the im_user_aux.dxc file, and source im_group_aux.dxc in the ~dsa/config/schema/im.dxg file. Keep a backup copy of im.dxg, as it may be overwritten in future updates.
#
#
# IM Unified Group (UG) auxiliary Schema
#
#
schema set oid-prefix im-UGA-attr = (1.3.6.1.4.1.791.2.3.5.3.6495.1);
schema set oid-prefix im-UGA-oc = (1.3.6.1.4.1.791.2.3.5.3.6495.2);
schema set oid-prefix im-UGA-nb = (1.3.6.1.4.1.791.2.3.5.3.6495.3);
# Use the commented schema set attribute below as a sample for additional
# auxilary attributes. Add the attributes name to the must-contain if they are
# required for oparation or to the may-contain section if you just want them
# visible in LDAP browsing tools
#schema set attribute im-UGA-attr:1 = {
# name = imAuxAttr1
# ldap-names = imAuxAttr1
# equality = caseIgnoreMatch
# syntax = directoryString
# single-valued
#};
# objectClass configuration
schema set object-class im-UGA-oc:1 = {
name = imGroupAux
subclass-of imGroup
kind = auxiliary
# Add mandatory attribute names to the must-contain section
# must-contain
# Add non-mandatory attribute names to the may-contain section
# may-contain
};
Add additional attributes to this as you would with the im_user_aux.dxc file, and source im_group_aux.dxc in the ~dsa/config/schema/im.dxg file. Keep a backup copy of im.dxg, as it may be overwritten in future updates.
Additional Information
See the documentation related to user objects here:
https://docops.ca.com/ca-identity-suite/14-1/EN/configuring/extending-the-user-store-with-imuseraux-object-class
https://docops.ca.com/ca-identity-suite/14-1/EN/configuring/extending-the-user-store-with-imuseraux-object-class
Feedback
Yes
No
Powered by
