Connector Guides › Connectors Guide › Connecting to Endpoints › CA Top Secret Connector › Connector-Specific Features › LDAP Directory Services (LDS) › Features

Features

The LDS backend within CA Identity Manager provides special processing when any of the following LDAP attributes are mapped to respective CA Top Secret fields in the NDT XREF record:

• If LDAP attribute eTS390Role is specified as part of the command, the user is attached or removed from the specified Provisioning Role value. This may result in the addition or removal of accounts on any platform depending upon the Account Templates attached to that Provisioning Role. Typically, this attribute is mapped to a single-valued user defined field containing a comma-separated list of Provisioning Roles that the user is a member of.
• If the CA Top Secret password is mapped to the eTS390Password attribute, the password is applied to the Identity Manager Global User and automatically propagated to all accounts associated with that Global User.

  Note: This attribute should only be used by clients that do NOT explore/correlate their TSS accounts into CA Identity Manager. Clients that do run explore/correlate should follow the instructions in the Password Synchronization feature bulletin.

• Password Synchronization - Password changes to TSS User Acids (Acid types User, DCA, VCA, ZCA, LSCA, SCA) can be propagated into CA Identity Manager to change a Global User's password and all accounts associated with the Global User. To accomplish this, an LDS record must be manually created (not from the LDS Wizard) using the instructions from the Configuration and Usage section with the following changes:
  • Step 3. Set the USERDNS (user dns) as follows:

    	eTTSSAcidName=%L,eTTSSAcidContainerName=Accounts,
    	eTTSSDirectoryName=www,
    	eTNamespaceName=CA-Top Secret,dc=XXX,dc=eta
    

    where eTTSSEndpointName=www equals the Identity Manager CA Top Secret Endpoint name and dc=XXX is the name of the Identity Manager domain for this LDAP node in UPPERCASE.

  • Step 4. Set the OBJCLASS (object class) to eTTSSAcid.
  • Step 6. In the XREF section, add the entry: Password,eTSyncPassword.
• If the CA Top Secret password is mapped to the eTPassword attribute, this causes the password to only be applied to the Global User with no propagation to other accounts.
• If LDAP attribute eTS390Profile is specified as part of the command, the user is attached or removed from the specified Provisioning Role value. This may result in the addition or removal of accounts on any platform depending upon the Account Templates attached to that Provisioning Role. Typically, this attribute would be mapped to the Profiles field within TSS, because 'membership' to a TSS Profile can directly translate to Provisioning Role/Account Template concept within CA Identity Manager.

Note: Values specified for both eTS390Profile and eTS390Role must exist within CA Identity Manager as valid Provisioning Role names.