An attribute stores information about an entry, such as a telephone number or address. An entry’s attributes determine its profile.
In the directory configuration file, attributes are described in ImsManagedObjectAttr elements. In the User Object, Group Object and Organization Object sections of the directory configuration file, you can do the following:
There is one ImsManagedObjectAttr element for each attribute in user, group, and organization profiles. For example, an ImsManagedObjectAttr element may describe a user ID.
An ImsManagedObjectAttr element resembles the following:
<ImsManagedObjectAttr physicalname="uid" displayname="User ID" description="User ID" valuetype="String" required="true" multivalued="false" wellknown="%USER_ID%" maxlength="0" />
The ImsManagedObjectAttr has the following parameters:
This parameter must contain one of the following items:
Note: To improve performance, index LDAP attributes that are used in search queries in the User Console.
Contains the description of the attribute.
Specifies a unique name for the attribute.
In the User Console, the display name appears in the list of attributes that are available to add to a task screen. This parameter is required.
Note: Do not modify an attribute’s displayname in the directory configuration file (directory.xml). To change the name of the attribute on a task screen, you can specify a label for the attribute in the task screen definition. For more information, see the Administration Guide.
Specifies the attribute’s data type. The valid values are as follows:
The value can be any string.
This is the default value.
The value must be an integer.
Note: Integer does not support decimal numbers.
The value must be an integer. The number option supports decimal numbers.
The value must parse to a valid date using the pattern:
MM/dd/yyyy
The value must parse to a valid date using the pattern yyyy-MM-dd.
The value must parse to a valid date using the pattern YYYYYYYDDD where:
YYYYYYY is a seven-digit representation of the year, beginning with three zeroes. For example: 0002008
DDD is a three-digit representation of the day, padded with leading zeroes as needed. Valid values include 001 to 366.
This type of attribute consists of structured data that enables a single attribute value to store multiple related values. For example, a structured attribute could contain First Name, Last Name, and Email Address values.
These attributes may be used by certain endpoint types, but are managed through CA Identity Manager.
Note: CA Identity Manager can display structured attributes in a table in the User Console. When users edit values in the table, they are stored in the user store and propagated back to the endpoint. For more information about displaying multi-valued attributes, see the Administration Guide.
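The three date patterns listed above can be checked before a value is written to the user store. The following is an added example, not CA Identity Manager code; the function names are hypothetical, the pattern strings are used only as labels, and it assumes the seven-digit year is three zeroes followed by a four-digit year.

```python
import re
from datetime import date, timedelta

# Keys are the pattern strings from the text, used here as labels only.
_PATTERNS = {
    "MM/dd/yyyy": re.compile(r"(?P<m>\d{2})/(?P<d>\d{2})/(?P<y>\d{4})"),
    "yyyy-MM-dd": re.compile(r"(?P<y>\d{4})-(?P<m>\d{2})-(?P<d>\d{2})"),
    # Assumption: three leading zeroes, a four-digit year, then the day of year.
    "YYYYYYYDDD": re.compile(r"000(?P<y>\d{4})(?P<doy>\d{3})"),
}

def parse_attr_date(value, pattern):
    """Return a datetime.date, or raise ValueError if value does not fit pattern."""
    match = _PATTERNS[pattern].fullmatch(value)
    if match is None:
        raise ValueError(f"{value!r} does not match {pattern}")
    year = int(match["y"])
    if pattern == "YYYYYYYDDD":
        day_of_year = int(match["doy"])
        if not 1 <= day_of_year <= 366:
            raise ValueError(f"day {day_of_year} is outside 001 to 366")
        result = date(year, 1, 1) + timedelta(days=day_of_year - 1)
        if result.year != year:
            # Day 366 only exists in leap years.
            raise ValueError(f"day {day_of_year} does not exist in {year}")
        return result
    # date() rejects impossible calendar dates such as month 13 or 02/30.
    return date(year, int(match["m"]), int(match["d"]))

def is_valid_attr_date(value, pattern):
    """True if value is a real calendar date written in the given pattern."""
    try:
        parse_attr_date(value, pattern)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values.
    for value, pattern in [("0002008366", "YYYYYYYDDD"), ("0002009366", "YYYYYYYDDD"),
                           ("02/29/2008", "MM/dd/yyyy"), ("2008-02-30", "yyyy-MM-dd")]:
        print(value, pattern, is_valid_attr_date(value, pattern))
```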
Indicates whether the attribute is required, as follows:
Note: If an attribute is required by the LDAP directory server, set the required parameter to true.
Indicates whether the attribute can have multiple values. For example, the group membership attribute is multi-valued to store the user DN of each group member. The valid values are as follows:
Important! The Group Membership and Admin Roles attributes in the User object definition must be multivalued.
Defines the name of the well-known attribute.
Well-known attributes have a specific meaning in CA Identity Manager. They are identified by the following syntax:
%ATTRIBUTENAME%
Defines the maximum length that an attribute’s value can have. Set the maxlength parameter to 0 to specify an unlimited length.
Note: This parameter is required.
Indicates whether an attribute’s value can be modified in a task screen. The valid values are as follows:
The value is displayed but cannot be modified.
The value cannot be modified once the object is created. For example, a user ID cannot be changed after the user is created.
The value can be modified (default)
Indicates whether an attribute appears in Identity Manager task forms. The valid values are as follows:
Logical attributes use hidden attributes.
Note: For more information, see the Programming Guide for Java.
Specifies attributes that are used by CA Identity Manager only, and should not be modified by users in the User Console. The valid values are as follows:
Associates a validation rule set with the attribute.
The validation rule set that you specify must be defined in a ValidationRuleSet element in the directory configuration file.
Indicates the LDAP auxiliary class for a user, group, or organization attribute when the attribute is not part of the primary objectclass specified in the ImsManagedObject element.
For example, suppose the primary object class for users is top, person, organizationalperson, which defines the following user attributes:
To include the attribute employeeID, which is defined in the Employee auxiliary class, you would add the following attribute description:
<ImsManagedObjectAttr physicalname="employeeID" displayname="Employee ID" description="Employee ID" valuetype="String" required="true" multivalued="false" maxlength="0" objectclass="Employee"/>
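Several of the rules above can be checked mechanically before a directory configuration file is imported. The following lint is an added example, not part of CA Identity Manager; it covers one object section at a time, and the function name, the `<Constructed>` wrapper element, the true/false check (taken from the examples on this page) and the character set allowed between the percent signs are assumptions.

```python
import re
import xml.etree.ElementTree as ET

WELLKNOWN_RE = re.compile(r"%[A-Z0-9_]+%")    # assumed character set for %ATTRIBUTENAME%
BOOLEAN_PARAMS = ("required", "multivalued")  # true/false, as in the examples on this page

def lint_attributes(xml_text):
    """Return (physicalname, problem) pairs for the ImsManagedObjectAttr elements."""
    findings, seen = [], {}
    for el in ET.fromstring(xml_text).iter("ImsManagedObjectAttr"):
        name = el.get("physicalname", "<no physicalname>")
        display = el.get("displayname")
        if not display:
            findings.append((name, "displayname is required"))
        elif display in seen:
            # displayname must be a unique name for the attribute.
            findings.append((name, f"displayname duplicates {seen[display]}"))
        else:
            seen[display] = name
        maxlength = el.get("maxlength")
        if maxlength is None:
            findings.append((name, "maxlength is required"))
        elif not (maxlength.isascii() and maxlength.isdigit()):
            findings.append((name, "maxlength must be 0 (unlimited) or a positive integer"))
        for param in BOOLEAN_PARAMS:
            value = el.get(param)
            if value is not None and value not in ("true", "false"):
                findings.append((name, f"{param} must be true or false"))
        wellknown = el.get("wellknown")
        if wellknown is not None and not WELLKNOWN_RE.fullmatch(wellknown):
            findings.append((name, "wellknown must use the %ATTRIBUTENAME% syntax"))
    return findings

# Constructed sample: the second element breaks four of the rules.
SAMPLE = """<Constructed>
  <ImsManagedObjectAttr physicalname="uid" displayname="User ID" description="User ID"
    valuetype="String" required="true" multivalued="false" wellknown="%USER_ID%" maxlength="0" />
  <ImsManagedObjectAttr physicalname="employeeID" displayname="User ID" description="Employee ID"
    valuetype="String" required="yes" multivalued="false" wellknown="EMPLOYEE_ID"
    objectclass="Employee" />
</Constructed>"""

if __name__ == "__main__":
    for physicalname, problem in lint_attributes(SAMPLE):
        print(f"{physicalname}: {problem}")
```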
Copyright © 2011 CA. All rights reserved.