Sun Java System Access Manager 7.1 Postinstallation Guide

Appendix B Access Manager User LDAP Entries

A Sun Java™ System Access Manager deployment that stores users in an LDAP directory other than Sun Java System Directory Server must add the following object classes and attributes to the directory schema.

For example, if you have configured a generic LDAPv3 repository plug-in or a Microsoft® Active Directory plug-in for a realm, you must create and add the user schema to the datastore. You must perform this operation manually, because pre-populated LDIF files are not currently available to use.

Object Classes

iplanet-am-session-service Object Class

Supported by: Access Manager

Definition: Contains session service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-user-service Object Class

Supported by: Access Manager

Definition: Contains the Access Manager attributes necessary to manage user accounts.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-managed-person Object Class

Supported by: Access Manager

Definition: Contains Access Manager attributes used to manage users.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunAMAuthAccountLockout Object Class

Supported by: Access Manager

Definition: Contains Access Manager attributes used to manage invalid login attempts and user lock out.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

inetUser Object Class

Supported by: Sun One Directory Server

Definition: Auxiliary class that has to be present in an entry for delivery of subscriber services.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-saml-service Object Class

Supported by: Access Manager

Definition: Contains SAML service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunIdentityServerDiscoveryService Object Class

Supported by: Access Manager

Definition: Contains Discovery Service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunIdentityServerLibertyPPService Object Class

Supported by: Access Manager

Definition: Contains session service related personal profile (PP) attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

Attributes

iplanet-am-session-service Object Class Attributes

iplanet-am-session-max-session-time

Syntax: string

Description: Specifies the maximum session service time.

iplanet-am-session-max-idle-time

Syntax: string

Description: Specifies the maximum session idle time.

iplanet-am-session-max-caching-time

Syntax: string

Description: Specifies the maximum session caching time.

iplanet-am-session-quota-limit

Syntax: string

Description: Specifies the session quota constraints.

iplanet-am-session-service-status

Syntax: string

Description: Specifies the maximum session service status.

iplanet-am-session-get-valid-sessions

Syntax: string

Description: Specifies the get valid sessions.

iplanet-am-session-destroy-sessions

Syntax: string

Description: Specifies destroy session.

iplanet-am-session-add-session-listener-on-all-sessions

Syntax: string

Description: Specifies add session listener on all sessions.

iplanet-am-user-service Object Class Attributes

iplanet-am-user-admin-start-dn

Supported by: Access Manager

Syntax: dn, single-valued

Description: Specifies the starting point node (DN) displayed in the starting view of the Access Manager Console when this administrator logs in.

iplanet-am-user-alias-list

Syntax: string

Description: Specifies the user alias names list.

iplanet-am-user-auth-config

Syntax: string

Description: Specifies the user authentication configuration.

sunIdentityMSISDNNumber

Syntax: string

Description: Specifies the user Mobile Station Integrated Services Digital Network (MSISDN) number.

iplanet-am-user-failure-url

Syntax: string

Description: Specifies the redirection URL for a failed user authentication.

iplanet-am-user-success-url

Syntax: string

Description: Specifies the redirection URL for a successful user authentication.

iplanet-am-user-login-status

Syntax: string, single-valued

Description: Specifies the user login status:

iplanet-am-user-password-reset-force-reset

Syntax: string

Description: Specifies the Password Reset Force Reset password.

iplanet-am-user-password-reset-options

Supported by: Access Manager

Syntax: string, single-valued

Description: Specifies options used by the Access Manager password reset module.

iplanet-am-user-password-reset-question-answer

Supported by: Access Manager

Syntax: string, single-valued

Description: Specifies the password question and answer used to prompt a user who has forgotten the password. The format is question answer.

iplanet-am-user-service-status

Supported by: Access Manager

Syntax: dn, single-valued

Description: Specifies the status of the user for various services.

iplanet-am-user-federation-info-key

Syntax: string

Description: Specifies the user Federation information key.

iplanet-am-user-federation-info

Syntax: string

Description: Specifies user Federation information.

iplanet-am-managed-person Object Class Attributes

iplanet-am-modifiable-by

Supported by: Access Manager

Syntax: dn, multi-valued

Description: Specifies the role-dn of the administrator who has access rights to modify this user entry. By default, the value is set to the role-dn of the administrator who created the account.

iplanet-am-role-aci-description

Supported by: Access Manager

Syntax: string, multi-valued

Description: Specifies the description of the ACI that belongs to this role.

iplanet-am-static-group-dn

Supported by: Access Manager

Syntax: dn, multi-valued

Description: Defines the DNs for the static groups that this user belongs to.

iplanet-am-user-account-life

Syntax: date string, single-valued

Description: Specifies the account expiration date in the following format:

yyyy/mm/dd hh:mm:ss

sunAMAuthAccountLockout Object Class Attributes

sunAMAuthInvalidAttemptsData

Syntax: string

Description: Specifies XML data for invalid login attempts.

inetUser Object Class Attributes

inetUserStatus

Syntax: string

Possible values: "active", "inactive", or "deleted"

Description: Specifies the status of a user.
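
The following read-only audit over an LDIF export of user entries checks the inetUserStatus values and the iplanet-am-user-account-life format documented above. It is an added example, not part of the Sun guide. The sample entries, the OWNER mapping, the case-insensitive status comparison and the "passed but still active" check are assumptions of this example.

```python
from datetime import datetime

# Attribute -> auxiliary object class that carries it, as grouped in this appendix.
OWNER = {"inetuserstatus": "inetuser",
         "iplanet-am-user-account-life": "iplanet-am-managed-person"}
VALID_STATUS = {"active", "inactive", "deleted"}   # inetUserStatus values
ACCOUNT_LIFE_FMT = "%Y/%m/%d %H:%M:%S"             # yyyy/mm/dd hh:mm:ss
# Constructed sample export; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetUser
objectClass: iplanet-am-managed-person
inetUserStatus: active
iplanet-am-user-account-life: 2030/01/01 00:00:00

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetUser
inetUserStatus: active
iplanet-am-user-account-life: 2009/06/30 23:59:59

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetUser
inetUserStatus: disabled
"""

def parse_ldif(text):
    """Yield {attr: [values]} per entry; plain LDIF only (no base64 '::' values)."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        yield entry

def audit(text, now):
    """Yield (dn, findings) for each entry that breaks one of the rules above."""
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        found = [f"{a} set without objectClass {c}" for a, c in OWNER.items()
                 if a in e and c not in classes]
        statuses = [s.lower() for s in e.get("inetuserstatus", [])]
        found += [f"invalid inetUserStatus {s!r}" for s in statuses if s not in VALID_STATUS]
        for raw in e.get("iplanet-am-user-account-life", []):
            try:
                if datetime.strptime(raw, ACCOUNT_LIFE_FMT) < now and "active" in statuses:
                    found.append("account life has passed but status is active")
            except ValueError:
                found.append(f"malformed account life {raw!r}")
        if found:
            yield e["dn"][0], found
```

Calling `dict(audit(SAMPLE_LDIF, datetime.now()))` returns findings for the bob and carol entries only; the alice entry passes every check.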

iplanet-am-saml-service Object Class Attributes

iplanet-am-saml-user

Syntax: string

Description: Specifies the SAML user ID.

iplanet-am-saml-password

Syntax: string

Description: Specifies the SAML user password.

sunIdentityServerDiscoveryService Object Class Attributes

sunIdentityServerDynamicDiscoEntries

Syntax: string

Description: Specifies the dynamic disco entries.

sunIdentityServerLibertyPPService Object Class Attributes

sunIdentityServerPPCommonNameCN

Syntax: string

Description: Specifies the Liberty PP common name.

sunIdentityServerPPCommonNameAltCN

Syntax: string

Description: Specifies the Liberty PP alternate common name.

sunIdentityServerPPCommonNameFN

Syntax: string

Description: Specifies the Liberty PP common name first name.

sunIdentityServerPPCommonNameSN

Syntax: string

Description: Specifies the Liberty PP common name surname.

sunIdentityServerPPCommonNamePT

Syntax: string

Description: Specifies the Liberty PP common name first name personal title.

sunIdentityServerPPCommonNameMN

Syntax: string

Description: Specifies the Liberty PP common name middle name.

sunIdentityServerPPInformalName

Syntax: string

Description: Specifies the Liberty PP informal name.

sunIdentityServerPPLegalIdentityLegalName

Syntax: string

Description: Specifies the Liberty PP legal name.

sunIdentityServerPPLegalIdentityDOB

Syntax: string

Description: Specifies the Liberty PP date of birth.

sunIdentityServerPPLegalIdentityMaritalStatus

Syntax: string

Description: Specifies the Liberty PP marital status.

sunIdentityServerPPLegalIdentityGender

Syntax: string

Description: Specifies the Liberty PP gender.

sunIdentityServerPPLegalIdentityAltIDType

Syntax: string

Description: Specifies the Liberty PP alternate identity type.

sunIdentityServerPPLegalIdentityAltIDValue

Syntax: string

Description: Specifies the Liberty PP alternate identity value.

sunIdentityServerPPLegalIdentityVATIDType

Syntax: string

Description: Specifies the Liberty PP legal identity VATID type.

sunIdentityServerPPLegalIdentityVATIDValue

Syntax: string

Description: Specifies the Liberty PP legal identity VATID value.

sunIdentityServerPPEmploymentIdentityJobTitle

Syntax: string

Description: Specifies the Liberty PP job title.

sunIdentityServerPPEmploymentIdentityOrg

Syntax: string

Description: Specifies the Liberty PP employment organization.

sunIdentityServerPPEmploymentIdentityAltO

Syntax: string

Description: Specifies the Liberty PP alternate employment organization.

sunIdentityServerPPAddressCard

Syntax: string

Description: Specifies the Liberty PP address card.

sunIdentityServerPPMsgContact

Syntax: string

Description: Specifies the Liberty PP message contact.

sunIdentityServerPPFacadeMugShot

Syntax: string

Description: Specifies the Liberty PP façade mug shot.

sunIdentityServerPPFacadeWebSite

Syntax: string

Description: Specifies the Liberty PP façade website.

sunIdentityServerPPFacadeNamePronounced

Syntax: string

Description: Specifies the Liberty PP façade name pronounced.

sunIdentityServerPPFacadeGreetSound

Syntax: string

Description: Specifies the Liberty PP façade greet sound.

sunIdentityServerPPFacadeGreetMeSound

Syntax: string

Description: Specifies the Liberty PP façade greet me sound.

sunIdentityServerPPDemographicsDisplayLanguage

Syntax: string

Description: Specifies the Liberty PP demographics display language.

sunIdentityServerPPDemographicsLanguage

Syntax: string

Description: Specifies the Liberty PP demographics language.

sunIdentityServerPPDemographicsBirthday

Syntax: string

Description: Specifies the Liberty PP demographics birthday.

sunIdentityServerPPDemographicsAge

Syntax: string

Description: Specifies the Liberty PP demographics age.

sunIdentityServerPPDemographicsTimeZone

Syntax: string

Description: Specifies the Liberty PP demographics time zone.

sunIdentityServerPPSignKey

Syntax: string

Description: Specifies the Liberty PP signing key.

sunIdentityServerPPEncryptKey

Syntax: string

Description: Specifies the Liberty PP encryption key.

sunIdentityServerPPEmergencyContact

Syntax: string

Description: Specifies the Liberty PP emergency contact.