Active Directory Attributes for IdentityMinder (Legacy_Onyx KB Id: 140864)

Document ID : KB000054818
Last Modified Date : 14/02/2018

Description:

We are in the process of creating our directory.xml file for our Active Directory User Store and wanted to know if you had suggestions for the following required fields for IdentityMinder:

##ADMIN_ROLE_CONSTRAINT
##ADMIN_SCOPE
##DISABLED_STATE (=userAccountControl?)
##PASSWORD_HINT (=userParameters?)
##GROUP_ADMIN
##SELF_SUBSCRIBING_FLAG


Solution:

IdentityMinder will work with _any_ attribute that meets the conditions stated in the "valuetype" sub-element of the corresponding attribute.

For example,

<ImsManagedObjectAttr physicalname="otherIpPhone" displayname="Admin roles" description="Used as a constraint for IM admin roles" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_ROLE_CONSTRAINT%" maxlength="0" system="true" hidden="true"/>

In this case, the attribute type for the admin role constraint is String. So any attribute of type String (as defined by your Directory) will do just fine.

Having said that, I can give you some examples. I have used these in the past. The trickiest part is making sure that the attributes you use are not being used by another application accessing your Active Directory. When customers deploy this, it is a good idea to define custom attributes for those attributes that IdentityMinder uses for special purposes - the first four listed below:

<ImsManagedObjectAttr physicalname="otherIpPhone" displayname="Admin roles" description="Used as a constraint for IM admin roles" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_ROLE_CONSTRAINT%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="otherMobile" displayname="Administrative Scope" description="User's Administrative Scope" valuetype="String" required="false" multivalued="true" wellknown="%ADMIN_SCOPE%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="info" displayname="Disabled State" description="Disabled State" valuetype="String" required="false" multivalued="false" wellknown="%ENABLED_STATE%" maxlength="0"/>

<ImsManagedObjectAttr physicalname="wWWHomePage" displayname="Password Hint" description="Password Hint" valuetype="String" required="false" multivalued="false" wellknown="%PASSWORD_HINT%" maxlength="0"/>

<ImsManagedObjectAttr physicalname="url" displayname="Group Admin" description="Group Admin" valuetype="String" required="false" multivalued="true" wellknown="%GROUP_ADMIN%" maxlength="0" system="true" hidden="true"/>

<ImsManagedObjectAttr physicalname="info" displayname="Self Subscribing" description="Self Subscribing Flag" valuetype="String" required="false" multivalued="false" wellknown="%SELF_SUBSCRIBING%" maxlength="0"/>
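
One way to check the "not being used by another application" condition before deploying, as an added example that is not part of the original article or the product: it reads the well-known mappings, reports any physical attribute that backs more than one of them, and builds an LDAP presence filter for finding directory objects that already hold values in those attributes. The `<Sample>` wrapper, the function names and the absence of an XML namespace are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the article's six definitions, trimmed to the XML
# attributes this check reads and wrapped in a hypothetical <Sample> root.
SAMPLE = """<Sample>
 <ImsManagedObjectAttr physicalname="otherIpPhone" wellknown="%ADMIN_ROLE_CONSTRAINT%"/>
 <ImsManagedObjectAttr physicalname="otherMobile" wellknown="%ADMIN_SCOPE%"/>
 <ImsManagedObjectAttr physicalname="info" wellknown="%ENABLED_STATE%"/>
 <ImsManagedObjectAttr physicalname="wWWHomePage" wellknown="%PASSWORD_HINT%"/>
 <ImsManagedObjectAttr physicalname="url" wellknown="%GROUP_ADMIN%"/>
 <ImsManagedObjectAttr physicalname="info" wellknown="%SELF_SUBSCRIBING%"/>
</Sample>"""

# Only plain LDAP attribute names may be placed into the generated filter.
LDAP_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def wellknown_map(xml_text):
    """Return (wellknown, physicalname) pairs for every mapped definition."""
    pairs = []
    for el in ET.fromstring(xml_text).iter("ImsManagedObjectAttr"):
        wellknown, physical = el.get("wellknown"), el.get("physicalname")
        if not wellknown:
            continue  # ordinary attribute with no special-purpose mapping
        if not physical or not LDAP_ATTR_NAME.match(physical):
            raise ValueError(f"{wellknown}: bad physicalname {physical!r}")
        pairs.append((wellknown, physical))
    return pairs


def shared_physical_names(pairs):
    """Physical attributes that back more than one well-known mapping."""
    users = defaultdict(list)
    for wellknown, physical in pairs:
        users[physical.lower()].append(wellknown)  # LDAP names ignore case
    return {p: sorted(w) for p, w in users.items() if len(w) > 1}


def presence_filter(pairs):
    """LDAP filter matching any object that already holds one of the values."""
    names = sorted({physical for _, physical in pairs}, key=str.lower)
    return "(|" + "".join(f"({n}=*)" for n in names) + ")"


if __name__ == "__main__":
    print(shared_physical_names(wellknown_map(SAMPLE)))
    print(presence_filter(wellknown_map(SAMPLE)))
```

Running the generated filter with any LDAP search tool against the target directory shows which objects already carry data in the candidate attributes; a shared physical name such as `info` above needs a review of which managed object each definition belongs to.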