The ADS connector lets you manage additional attributes that are used by your Active Directory implementation including, the extended ADS schema you may have implemented on your Active Directory system. If you want to have CA IdentityMinder manage these extended attributes, create a flat file called PS_HOME\data\ADS\schema.ext. This file should contain a list of the extended attributes that you want to manage.
Note: Not every attribute is manageable through CA IdentityMinder as the Active Directory does try to protect certain sensitive ones.
Each attribute should be listed on a single line by itself and have the same name as the LDAP display name of the attribute on the target ADS system. For example, if the LDAP display name of the attribute on the target system is extendedAttribute, the attribute name in the schema.ext file needs to be extendedAttribute. The LDAP display name can be found under the Name column of the Active Directory Schema\Attributes or the attribute name when you use the JXplorer to connect to the Active Directory and browse a user account.
With this file in place, (you may have to recycle the Provisioning Server), the Provisioning Manager will then display an additional property page called Custom for both account templates and accounts. This page provides a list of all the extended attributes and their values.
Notes:
Once the extended ADS schema has been configured in CA IdentityMinder, the extended ADS attributes can be mapped to global user's attributes/custom fields by using rule strings in ADS account templates. For more information on how to create custom fields for Global User objects and how to use rule strings, see the Administrator Guide.
|
Copyright © 2013 CA.
All rights reserved.
|
|