The syntax (or type) of an attribute usually determines whether the attribute is supported. In general, Identity Manager supports Boolean, string, and integer syntaxes. Binary strings and similar syntaxes are not supported.
This section provides information about supported and unsupported account syntaxes.
The following table lists the Active Directory syntax supported by Identity Manager:
Table 57–3 List of Supported Syntaxes
AD Syntax |
Identity Manager Syntax |
Syntax ID |
OM ID |
ADS Type |
---|---|---|---|---|
Boolean |
Boolean |
2.5.5.8 |
1 |
ADSTYPE_BOOLEAN |
Enumeration |
String |
2.5.5.9 |
10 |
ADSTYPE_INTEGER |
Integer |
Int |
2.5.5.9 |
2 |
ADSTYPE_INTEGER |
DN String |
String |
2.5.5.1 |
127 |
ADSTYPE_DN_STRING |
Presentation Address |
String |
2.5.5.13 |
127 |
ADSTYPE_CASE_IGNORE_STRING |
IA5 String |
String |
2.5.5.5 |
22 |
ADSTYPE_PRINTABLE_STRING |
Printable String |
String |
2.5.5.5 |
19 |
ADSTYPE_PRINTABLE_STRING |
Numeric String |
String |
2.5.5.6 |
18 |
ADSTYPE_NUMERIC_STRING |
OID String |
String |
2.5.5.2 |
6 |
ADSTYPE_CASE_IGNORE_STRING |
Case Ignore String (teletex) |
String |
2.5.5.4 |
20 |
ADSTYPE_CASE_IGNORE_STRING |
Unicode String |
String |
2.5.5.12 |
64 |
ADSTYPE_OCTET_STRING |
Interval |
String |
2.5.5.16 |
65 |
ADSTYPE_LARGE_INTEGER |
LargeInteger |
String |
2.5.5.16 |
65 |
ADSTYPE_LARGE_INTEGER |
The following table lists the Active Directory syntaxes that are not supported by Identity Manager:
Table 57–4 Unsupported Active Directory Syntaxes
Syntax |
Syntax ID |
OM ID |
ADS Type |
---|---|---|---|
DN with Unicode string |
2.5.5.14 |
127 |
ADSTYPE_DN_WITH_STRING |
DN with binary |
2.5.5.7 |
127 |
ADSTYPE_DN_WITH_BINARY |
OR-Name |
2.5.5.7 |
127 |
ADSTYPE_DN_WITH_BINARY |
Replica Link |
2.5.5.10 |
127 |
ADSTYPE_OCTET_STRING |
NT Security Descriptor |
2.5.5.15 |
66 |
ADSTYPE_NT_SECURITY_DESCRIPTOR |
Octet String |
2.5.5.10 |
4 |
ADSTYPE_OCTET_STRING |
SID String |
2.5.5.17 |
4 |
ADSTYPE_OCTET_STRING |
UTC Time String |
2.5.5.11 |
23 |
ADSTYPE_UTC_TIME |
Object(Access-Point) |
2.5.5.14 |
127 |
n/a |
Identity Manager supports the jpegPhoto and thumbnailPhoto account attributes, which use the Replica Link syntax. Other Replica Link attributes might be supported, but they have not been tested.
This section provides information about the Active Directory account attributes that are supported and those not supported by Identity Manager.
The following tables list the account attributes supported by Identity Manager: Other attributes might also be supported.
For description of these attributes, see Chapter 6, Active Directory.
Table 57–5 Attributes of ACCOUNT Object Class
Name |
Attribute Type |
Create? |
Update? |
Allows Multiple Values |
---|---|---|---|---|
sAMAccountName |
String |
Yes |
No |
No |
givenName |
String |
Yes |
Yes |
No |
sn |
String |
Yes |
Yes |
No |
displayName |
String |
Yes |
Yes |
No |
|
String |
Yes |
Yes |
No |
telephoneNumber |
String |
Yes |
Yes |
No |
employeeID |
String |
Yes |
Yes |
No |
division |
String |
Yes |
Yes |
No |
mobile |
String |
Yes |
Yes |
No |
middleName |
String |
Yes |
Yes |
No |
description |
String |
Yes |
Yes |
Yes |
department |
String |
Yes |
Yes |
Yes |
manager |
String |
Yes |
Yes |
Yes |
title |
String |
Yes |
Yes |
Yes |
initials |
String |
Yes |
Yes |
Yes |
co |
String |
Yes |
Yes |
Yes |
company |
String |
Yes |
Yes |
Yes |
facsimileTelephoneNumber |
String |
Yes |
Yes |
Yes |
homePhone |
String |
Yes |
Yes |
Yes |
streetAddress |
String |
Yes |
Yes |
Yes |
1 |
String |
Yes |
Yes |
Yes |
st |
String |
Yes |
Yes |
Yes |
postalCode |
String |
Yes |
Yes |
Yes |
TerminalServicesInitialProgram |
String |
No |
No |
Yes |
TerminalServicesWorkDirectory |
String |
Yes |
Yes |
Yes |
AllowLogon |
Integer |
Yes |
Yes |
Yes |
MaxConnectionTime |
Integer |
Yes |
Yes |
Yes |
MaxDisconnectionTime |
Integer |
No |
No |
Yes |
MaxIdleTime |
Integer |
Yes |
Yes |
Yes |
ConnectClientDrivesAtLogon |
Integer |
No |
No |
Yes |
ConnectClientPrintersAtLogon |
Integer |
No |
No |
Yes |
DefaultToManPrinter |
Integer |
No |
No |
Yes |
BrokenConnectionAction |
Integer |
No |
No |
Yes |
ReconnectionAction |
Integer |
No |
No |
Yes |
EnableRemoteControl |
Integer |
No |
No |
Yes |
TerminalServicesProfilePath |
String |
No |
No |
Yes |
TerminalServicesHomeDirectory |
String |
No |
No |
Yes |
TerminalServicesHomeDrive |
String |
No |
No |
Yes |
uSNChanged |
String |
No |
No |
Yes |
ad_container |
String |
No |
No |
Yes |
otherHomePhone |
String |
Yes |
Yes |
Yes |
distinguishedName |
String |
No |
No |
Yes |
objectClass |
String |
No |
No |
Yes |
homeDirectory |
String |
Yes |
Yes |
Yes |
PasswordNeverExpires |
Boolean |
Yes |
Yes |
Yes |
Table 57–6 Attributes of GROUP Object Class
Name |
Attribute Type |
Create? |
Update? |
Allows Multiple Values |
---|---|---|---|---|
cn |
String |
No |
No |
Yes |
samAccountName |
String |
Yes |
Yes |
Yes |
description |
String |
Yes |
Yes |
Yes |
displayName |
String |
No |
No |
Yes |
managedBy |
String |
Yes |
Yes |
Yes |
|
String |
Yes |
Yes |
Yes |
groupType |
Int |
Yes |
Yes |
Yes |
objectClass |
String |
No |
No |
Yes |
member |
String |
No |
No |
Yes |
ad_container |
String |
No |
No |
Yes |
Table 57–7 Attributes of organizationalUnit Object Class
Name |
Attribute Type |
Create? |
Update? |
Allows Multiple Attributes |
---|---|---|---|---|
ou |
String |
No |
No |
No |
displayName |
String |
No |
No |
No |