|
|
|
A list of user well-known attributes and the items to which they map follows:
Maps to the list of groups for which the user is an administrator.
This well-known attribute may improve search performance at sites with many groups. When the %ADMIN_OF% well-known attribute is specified, CA Identity Manager looks for the groups that a user can manage in the %ADMIN_OF% attribute instead of checking every group in the user store.
Maps to the list of an administrator’s admin roles.
The physical attribute mapped to %ADMIN_ROLE_CONSTRAINT% must be multivalued to accommodate multiple roles.
We recommend indexing the LDAP attribute that is mapped to %ADMIN_ROLE_CONSTRAINT%.
Maps to a user’s certification status.
This attribute is required to use the user certification feature.
Note: For more information about user certification, see the Administration Guide.
Maps to a list of users who have delegated work items to the current user.
This attribute is required to use delegation. The physical attribute mapped to %DELEGATORS% must be multi-valued and capable of holding strings.
Important! Editing this field directly using Identity Manager tasks or an external tool can cause significant security implications.
Maps to a user’s email address.
Required to use the email notification feature
(Required)
Maps to a user’s status.
Note: This attribute must match the Disabled Flag user directory attribute in the SiteMinder user directory connection.
Maps to a user’s first name.
Maps to a user’s first and last names.
Specifies the list of identity policies that have been applied to a user account.
CA Identity Manager uses this attribute to determine whether an identity policy should be applied to a user. When the policy has the Apply Once setting enabled, and the policy is listed in the %IDENTITY_POLICY% attribute, CA Identity Manager does not apply the changes in the policy to the user.
Note: For more information about identity policies, see the Administration Guide.
Maps to the date when a user’s roles were certified.
Required to use the user certification feature.
Note: For more information about user certification, see the Administration Guide.
Maps to a user’s last name.
Maps to the list of groups of which the user is a member.
The physical attribute mapped to %MEMBER_OF% must be multivalued to accommodate multiple groups.
Using this attribute will improve response time when searching for a user’s groups.
You can use this attribute with Active Directory or any directory schema that maintains a user’s group membership on the user object.
(Required)
Maps to the DN of the organization to which the user belongs.
CA Identity Manager uses this well-known attribute to determine a directory’s structure.
This attribute is not required when the user directory does not include organizations.
(Required)
Maps to the user-friendly name of the organization in which the user’s profile exists.
This attribute is not required when the user directory does not include organizations.
Maps to a user’s password.
Note: This attribute must match the Password Attribute in the SiteMinder user directory connection.
(Required for password policy support)
Specifies the attribute that tracks password policy information.
(Required)
Maps to a user-specified question and answer pair. The question and answer pair is used if users forget their passwords.
To support multiple question and answer pairs, the %PASSWORD_HINT% attribute must be multi-valued.
Note: If you are using SiteMinder’s Password Services feature to manage passwords, the Password Hint attribute must match the Challenge/Response attribute in the SiteMinder user directory.
(Required)
Maps to a user’s ID.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |