User Well-Known Attributes

A list of user well-known attributes and the items to which they map follows:

%ADMIN_OF%

Maps to the list of groups for which the user is an administrator.

This well-known attribute can improve search performance at sites with many groups. When the %ADMIN_OF% well-known attribute is specified, CA Identity Manager looks for the groups that a user can manage in the %ADMIN_OF% attribute, instead of checking every group in the user store.

%ADMIN_ROLE_CONSTRAINT%

Maps to the list of admin roles of an administrator.

The physical attribute that is mapped to %ADMIN_ROLE_CONSTRAINT% must be multivalued to accommodate multiple roles.

We recommend indexing the LDAP attribute that is mapped to %ADMIN_ROLE_CONSTRAINT%.

%CERTIFICATION_STATUS%

Maps to the certification status of a user.

This attribute is required to use the user certification feature.

Note: For more information about user certification, see the Administration Guide.

%DELEGATORS%

Maps to a list of users who have delegated work items to the current user.

This attribute is required to use delegation. The physical attribute that is mapped to %DELEGATORS% must be multivalued and capable of holding strings.

Important! Editing this field directly using CA Identity Manager tasks or an external tool can have significant security implications.

%EMAIL%

Maps to an email address of a user.

Required to use the email notification feature.

%ENABLED_STATE%

(Required)

Maps to the status of a user.

Note: This attribute must match the Disabled Flag user directory attribute in the SiteMinder user directory connection.

%FIRST_NAME%

Maps to the first name of a user.

%FULL_NAME%

Maps to the first and last names of a user.

%IDENTITY_POLICY%

Specifies the list of identity policies that have been applied to a user account.

CA Identity Manager uses this attribute to determine whether applying an identity policy to a user is required. If the policy has the Apply Once setting enabled and the policy is listed in the %IDENTITY_POLICY% attribute, CA Identity Manager does not apply the changes in the policy to the user.

Note: For more information about identity policies, see the Administration Guide.

%LAST_CERTIFIED_DATE%

Maps to the date when the roles of a user were certified.

Required to use the user certification feature.

Note: For more information about user certification, see the Administration Guide.

%LAST_NAME%

Maps to the last name of a user.

%MEMBER_OF%

Maps to the list of groups of which the user is a member.

The physical attribute that is mapped to %MEMBER_OF% must be multivalued to accommodate multiple groups.

Using this attribute improves response time when searching for the groups of a user.

You can use this attribute with Active Directory or any directory schema that maintains group membership of a user on the user object.

%ORG_MEMBERSHIP%

(Required)

Maps to the DN of the organization to which the user belongs.

CA Identity Manager uses this well-known attribute to determine the structure of a directory.

This attribute is not required when the user directory does not include organizations.

%ORG_MEMBERSHIP_NAME%

(Required)

Maps to the user-friendly name of the organization in which the profile of the user exists.

This attribute is not required when the user directory does not include organizations.

%PASSWORD%

Maps to the password of a user.

Note: This attribute must match the Password Attribute in the SiteMinder user directory connection.

%PASSWORD_DATA%

(Required for password policy support)

Specifies the attribute that tracks password policy information.

%PASSWORD_HINT%

(Required)

Maps to a user-specified question and answer pair. The question and answer pair is used when users forget their passwords.

To support multiple question and answer pairs, make sure that the %PASSWORD_HINT% attribute is multivalued.

Note: If you are using the Password Services feature of SiteMinder to manage passwords, the Password Hint attribute must match the Challenge/Response attribute in the SiteMinder user directory.

%USER_ID%

(Required)

Maps to the ID of a user.

More information:

Group Well-Known Attributes

Organization Well-Known Attributes

%ADMIN_ROLE_CONSTRAINT% Attribute

Configure Well-Known Attributes