An attribute stores information about an entry, such as a telephone number or address. An entry's attributes determine its profile.
In the directory configuration file, attributes are described in ImsManagedObjectAttr elements. In the User Object, Group Object and Organization Object sections of the directory configuration file, you can do the following actions:
For each attribute in user, group, and organization profiles, there is one ImsManagedObjectAttr element. For example, an ImsManagedObjectAttr element can describe a user ID.
An ImsManagedObjectAttr element resembles the following code:
<ImsManagedObjectAttr physicalname="uid" displayname="User ID" description="User ID" valuetype="String" required="true" multivalued="false" wellknown="%USER_ID%" maxlength="0" />
The ImsManagedObjectAttr has the following parameters:
This parameter must contain one of the following items:
Note: To improve performance, index LDAP attributes that are used in search queries in the User Console.
Contains the description of the attribute.
Specifies a unique name for the attribute.
In the User Console, the display name appears in the list of attributes that are available to add to a task screen. This parameter is required.
Note: Do not modify the displayname of an attribute in the directory configuration file (directory.xml). To change the name of the attribute on a task screen, you can specify a label for the attribute in the task screen definition. For more information, see the Administration Guide.
Specifies the data type of the attribute. The valid values are as follows:
The value can be any string.
This is the default value.
The value must be an integer.
Note: Integer does not support decimal numbers.
The value must be an integer. The number option supports decimal numbers.
The value must parse to a valid date using the pattern MM/dd/yyyy.
The value must parse to a valid date using the pattern yyyy-MM-dd.
The value must parse to a valid date using the pattern YYYYYYYDDD where:
YYYYYYY is a seven-digit representation of the year, beginning with three zeros. For example: 0002008
DDD is the three-digit representation of the day, padded with leading zeros as needed. Valid values range from 001 to 366.
This type of attribute consists of structured data that enables a single attribute value to store multiple related values. For example, a structured attribute contains values such as First Name, Last Name, and Email Address values.
Certain endpoint types use these attributes but are managed through CA IdentityMinder.
Note: CA IdentityMinder can display structured attributes in a table in the User Console. When users edit values in the table, the values are stored in the user store, propagating back to the endpoint. For more information about displaying multivalued attributes, see the Administration Guide.
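The three date patterns listed above can be checked before a value is written to the user store. The following is an added example, not CA code: the function name is hypothetical, and strict zero-padded matching is an assumption (the product's own parser may be more lenient).

```python
import re
from datetime import date, timedelta

_US = re.compile(r"([0-9]{2})/([0-9]{2})/([0-9]{4})")    # MM/dd/yyyy
_ISO = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")   # yyyy-MM-dd
_ORDINAL = re.compile(r"000([0-9]{4})([0-9]{3})")        # YYYYYYYDDD

def parse_attr_date(value, pattern):
    """Return a datetime.date if value is valid for pattern, else None."""
    try:
        if pattern == "MM/dd/yyyy":
            m = _US.fullmatch(value)
            return date(int(m[3]), int(m[1]), int(m[2])) if m else None
        if pattern == "yyyy-MM-dd":
            m = _ISO.fullmatch(value)
            return date(int(m[1]), int(m[2]), int(m[3])) if m else None
        if pattern == "YYYYYYYDDD":
            m = _ORDINAL.fullmatch(value)
            if not m:
                return None
            year, day = int(m[1]), int(m[2])
            if not 1 <= day <= 366:
                return None
            result = date(year, 1, 1) + timedelta(days=day - 1)
            # Day 366 rolls into the next year unless the year is a leap year.
            return result if result.year == year else None
    except ValueError:
        # Impossible calendar date, for example 02/29/2007 or year 0000.
        return None
    raise ValueError(f"unknown pattern: {pattern!r}")
```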
Indicates whether the attribute is required, as follows:
Note: If an attribute is required for an LDAP directory server, set the required parameter to true.
Indicates whether the attribute can have multiple values. For example, the group membership attribute is multivalued to store the user DN of each group member. The valid values are as follows:
Important! The Group Membership and Admin Roles attributes in the User object definition must be multivalued.
Defines the name of the well-known attribute.
Well-known attributes have a specific meaning in CA IdentityMinder. They are identified in the syntax:
%ATTRIBUTENAME%
Defines the maximum length that a value of an attribute can have. Set the maxlength parameter to 0 to specify an unlimited length.
Note: This parameter is required.
Indicates whether the value of an attribute can be modified in a task screen. The valid values are as follows:
The value is displayed but cannot be modified.
The value cannot be modified once the object is created. For example, a user ID cannot be changed after the user is created.
The value can be modified (default).
Indicates whether an attribute appears in CA IdentityMinder task forms. The valid values are as follows:
Logical attributes use hidden attributes.
Note: For more information, see the Programming Guide for Java.
Specifies that the attribute is used only by CA IdentityMinder. Users should not modify the attribute in the User Console. The valid values are as follows:
Associates a validation rule-set with the attribute.
Verify that the validation rule set that you specify is defined in a ValidationRuleSet element in the directory configuration file.
Indicates the LDAP auxiliary class for a user, group, or organization attribute when the attribute is not part of the primary objectclass specified in the ImsManagedObject element.
For example, assume that the primary object class for users is top, person, and organizationalperson, which defines the following user attributes:
To include the attribute employeeID, which is defined in the Employee auxiliary class, you would add the following attribute description:
<ImsManagedObjectAttr physicalname="employeeID" displayname="Employee ID" description="Employee ID" valuetype="String" required="true" multivalued="false" maxlength="0" objectclass="Employee"/>
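The parameter rules above can be checked mechanically before a directory configuration file is imported. The following linter is an added example, not CA code: the function names and the sample are constructed, and it assumes that required and multivalued accept only true or false and that displayname must be unique within one ImsManagedObject.

```python
import re
import xml.etree.ElementTree as ET

WELLKNOWN = re.compile(r"%[^%\s]+%")  # the %ATTRIBUTENAME% syntax
BOOLEANS = {"true", "false"}          # assumption: the only accepted spellings

def lint_object(obj):
    """Yield (physicalname, problem) pairs for one ImsManagedObject element."""
    seen = set()
    for attr in obj.iter("ImsManagedObjectAttr"):
        name = attr.get("physicalname", "?")
        display = attr.get("displayname")
        if not display:
            yield name, "displayname is required"
        elif display in seen:
            yield name, f"displayname {display!r} is not unique"
        else:
            seen.add(display)
        maxlength = attr.get("maxlength")
        if maxlength is None:
            yield name, "maxlength is required (0 means unlimited)"
        elif not re.fullmatch(r"[0-9]+", maxlength):
            yield name, f"maxlength {maxlength!r} is not a non-negative integer"
        for flag in ("required", "multivalued"):
            value = attr.get(flag)
            if value is not None and value not in BOOLEANS:
                yield name, f"{flag}={value!r} is not true or false"
        wellknown = attr.get("wellknown")
        if wellknown is not None and not WELLKNOWN.fullmatch(wellknown):
            yield name, f"wellknown {wellknown!r} is not of the form %NAME%"

def lint_directory(xml_text):
    """Lint every ImsManagedObject in a trusted, administrator-owned file."""
    root = ET.fromstring(xml_text)
    return [p for obj in root.iter("ImsManagedObject") for p in lint_object(obj)]

# Constructed sample: the first entry is the page's uid example, the others
# are deliberately broken.
SAMPLE = """
<ImsManagedObject objectclass="top,person,organizationalperson">
  <ImsManagedObjectAttr physicalname="uid" displayname="User ID" description="User ID" valuetype="String" required="true" multivalued="false" wellknown="%USER_ID%" maxlength="0" />
  <ImsManagedObjectAttr physicalname="employeeID" displayname="Employee ID" valuetype="String" required="yes" multivalued="false" objectclass="Employee" />
  <ImsManagedObjectAttr physicalname="mail" displayname="User ID" valuetype="String" wellknown="EMAIL" maxlength="-1" />
</ImsManagedObject>
"""

if __name__ == "__main__":
    for name, problem in lint_directory(SAMPLE):
        print(f"{name}: {problem}")
```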
Copyright © 2013 CA.
All rights reserved.