iPlanet Directory Server Access Management Edition Administration Guide
Chapter 20 User Attributes
There are two places which house user attributes: the Service Management and User Management windows. The Service Management window contains default attributes for registered organizations. The User Management window contains user entry attributes.
Service Management Attributes
The User Attributes in the Service Management window are dynamic attributes. The values applied to dynamic attributes are assigned to a role or an organization that is configured in DSAME. When the role is assigned to a user or a user is assigned to the organization, the dynamic attributes become a characteristic of the user. The User Attributes are divided into:
User Preferred Language
Default user values are set in Service Management for all DSAME registered organizations. These values can be set differently for separate organizations by registering the user service to the specific organization, creating a template and inputting a value other than the default value.
User Preferred Language
This field specifies the user's choice for the text language displayed in the DSAME console. The default value is en. This value maps a set of localization keys to the user session so that onscreen text appears in a language appropriate for the user.
User Preferred Timezone
This field specifies the time zone in which the user accesses the DSAME console. There is no default value.
Inherited Locale
This field specifies the locale for the user. The default value is en_US. Any value from Table 9-1 can be used.
Admin DN Starting View
If this user is a DSAME administrator, this field specifies the node that would be the starting point displayed in the DSAME console when this user logs in. There is no default value. A valid DN for which the user has, at the least, read access can be used.
Default User Status
This option indicates the default status for any newly created user. This status is superseded by the User Entry status. Only active users can authenticate through DSAME. The default value is Active. Either of the following can be selected from the pull-down menu:
Active - The user can authenticate through DSAME.
Inactive - The user cannot authenticate through DSAME, but the user profile remains stored in the directory.
The individual user status is set by registering the User service, choosing the value, applying it to a role and adding the role to the user's profile.
User Auth Modules
This option specifies individual user authentication modules to be accessed when the "User Based Auth" option is chosen in Core Authentication. The user will be presented with the configured authentication module(s) after entering the user id. The administrator can select one or more authentication services (from Anonymous, Certification, LDAP, Membership, RADIUS, SafeWord, and Unix) for the user to authenticate through.
Note: Currently, the SafeWord authentication service is supported only on the Solaris platform. The Unix authentication service is not supported on Windows 2000.
User Profile Attributes
The User Profile Attributes are default attributes for user profiles. These values are set in the User Profile view by an administrator or by the user when they log on. Administrators can add their own user attributes to the user profile or create a new service. For more information see iPlanet Directory Server Access Management Edition Programmer's Guide.
Home Address
This field can take the home address of the user.
User Status
This option indicates whether the user is allowed to authenticate through DSAME. Only active users can authenticate through DSAME. The default value is Active. Either of the following can be selected from the pull-down menu:
Active - The user can authenticate through DSAME.
Inactive - The user cannot authenticate through DSAME, but the user profile remains stored in the directory.
First Name
This field takes the first name of the user. (The First Name value and the Last Name value identify the user in the Currently Logged In field in the upper right corner of the DSAME console.)
Last Name
This field takes the last name of the user. (The First Name value and the Last Name value identify the user in the Currently Logged In field in the upper right corner of the DSAME console.)
Full Name
This field takes the full name of the user.
Password
This field takes the password for the name specified in the UserId field.
Confirm Password
Password type attributes automatically set this field.
Email Address
This field takes the email address of the user.
Employee Number
This field takes the employee number of the user.
Telephone Number
This field takes the telephone number of the user.
Roles For This User
This field takes the valid DN for the roles that are applied to the user.
Groups for this User
This field takes the DN of the groups of which this user is a member.
Account Expiration Date
If this attribute is present, the authentication service will check the date and disallow login if the user's account expiration date is earlier than the current date. The format for this attribute is as follows:
Unique User IDs
In order to enforce uid uniqueness within the DSAME application, the plug-in, available in iPlanet Directory Server, must be configured as follows:
It is recommended that the nsManagedDomain object class is used to mark the organization in which uid uniqueness is desired. The plug-in is not enabled by default.
    dn: cn=uid uniqueness,cn=plugins,cn=config
    objectClass: top
    objectClass: nsSlapdPlugin
    objectClass: extensibleObject
    cn: uid uniqueness
    nsslapd-pluginPath: /ids908/lib/uid-plugin.so
    nsslapd-pluginInitfunc: NSUniqueAttr_Init
    nsslapd-pluginType: preoperation
    nsslapd-pluginEnabled: on
    nsslapd-pluginarg0: attribute=uid
    nsslapd-pluginarg1: markerObjectClass=nsManagedDomain
    nsslapd-plugin-depends-on-type: database
    nsslapd-pluginId: NSUniqueAttr
    nsslapd-pluginVersion: 5.1
    nsslapd-pluginVendor: Sun | Netscape Alliance
    nsslapd-pluginDescription: Enforce unique attribute values
To configure the uniqueness of uids per organization, either add the DN for each organization in the plug-in entry or use the marker object class option and add nsManagedDomain to each top level organization entry.
    nsslapd-pluginEnabled: on
    nsslapd-pluginarg0: attribute=uid
    nsslapd-pluginarg1: markerObjectClass=nsManagedDomain
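The per-organization scoping described above can be checked against an LDIF export of the directory by looking for uid values that collide under the same nsManagedDomain-marked organization. The following Python script is an added example, not part of the iPlanet guide or product. The sample entries and function names are constructed, and it assumes DNs written without spaces after commas, no base64-encoded values, and case-insensitive uid comparison.

```python
from collections import defaultdict

# Constructed sample export (not from the guide): two organizations marked
# with nsManagedDomain; uid "jdoe" collides inside o=example.com only.
SAMPLE_LDIF = """\
dn: o=example.com
objectClass: nsManagedDomain

dn: uid=jdoe,ou=People,o=example.com
uid: jdoe

dn: uid=jdoe,ou=Contractors,o=example.com
uid: JDoe

dn: o=partner.com
objectClass: nsManagedDomain

dn: uid=jdoe,ou=People,o=partner.com
uid: jdoe
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased names to value lists."""
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, value = line.split(":", 1)
            attrs[name.strip().lower()].append(value.strip())
        if attrs["dn"]:
            yield attrs["dn"][0], attrs

def duplicate_uids(text, marker="nsManagedDomain"):
    """Return {(marked org DN, uid): [entry DNs]} for uids used more than once."""
    entries = list(parse_ldif(text))
    marked = [dn.lower() for dn, a in entries
              if marker.lower() in (v.lower() for v in a["objectclass"])]
    seen = defaultdict(list)
    for dn, a in entries:
        # Scope = nearest marked ancestor, i.e. the longest marked DN suffix.
        scope = max((m for m in marked if dn.lower().endswith("," + m)),
                    key=len, default=None)
        for uid in a["uid"] if scope else []:
            seen[(scope, uid.lower())].append(dn)  # uid compared ignoring case
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (org, uid), dns in duplicate_uids(SAMPLE_LDIF).items():
        print(f"duplicate uid {uid!r} in {org}: {dns}")
```

The same uid under two different marked organizations is not reported, which matches the per-organization scope that the marker object class option selects.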
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated May 09, 2002