Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java System Access Manager 6 2005Q1 Administration Guide 

Chapter 45  
User Attributes

There are two places which house user attributes: the Service Configuration and User Management windows. The Service Configuration window contains default attributes for registered organizations. The User Management window contains user entry attributes.

User Service Attributes

The User Service Attributes are dynamic attributes. The values applied to dynamic attributes are assigned to a role or an organization that is configured in Access Manager. When the role is assigned to a user or a user is assigned to the organization, the dynamic attributes become a characteristic of the user. The User Attributes are divided into:

Default user values are set for all Access Manager registered organizations. These values can be set differently for separate organizations by registering the user service to the specific organization, creating a template and inputting a value other than the default value.

User Preferred Language

This field specifies the user’s choice for the text language displayed in the Access Manager console. The default value is en. This value maps a set of localization keys to the user session so that the on-screen text appears in a language appropriate for the user.

User Preferred Timezone

This field specifies the time zone in which the user accesses the Access Manager console. There is no default value.

Inherited Locale

This field specifies the locale for the user. The default value is en_US. Any value from Table 21-1 on page 301 can be used.

Administrator DN Starting View

If this user is a Access Manager administrator, this field specifies the node that would be the starting point displayed in the Access Manager console when this user logs in. There is no default value. A valid DN for which the user has, at the least, read access can be used.

Default User Status

This option indicates the default status for any newly created user. This status is superseded by the User Entry status. Only active users can authenticate through Access Manager. The default value is Active. Either of the following can be selected from the pull-down menu:

The individual user status is set by registering the User service, choosing the value, applying it to a role and adding the role to the user’s profile.

User Profile Attributes

The User Profile Attributes are default attributes for user profiles. These values are set in the User Profile view by an administrator or by the user when they log on. Administrators can add their own user attributes to the user profile or create a new service. For more information see Access Manager Developer’s Guide.

Note

Access Manager does not enforce uniqueness for attributes within user entries. For example, userA and userB are both created in the same organization. For both, the email address attribute can be set jimb@madisonparc.com. The administrator can configure Sun Java System Directory Server’s attribute uniqueness plug-in to help enforce unique attribute values. For more information, see Unique User IDs at the end of this chapter or the Sun Java System Directory Server Administrator’s Guide.

First Name

This field takes the first name of the user. (The First Name value and the Last Name value identify the user in the Currently Logged In field in the upper right corner of the Access Manager console.)

Last Name

This field takes the last name of the user. (The First Name value and the Last Name value identify the user in the Currently Logged In field in the upper right corner of the Access Manager console.)

Full Name

This field takes the full name of the user.

Password

This field takes the password for the name specified in the UserId field.

Password (Confirm)

Confirmation of the password.

Email Address

This field takes the email address of the user.

Employee Number

This field takes the employee number of the user.

Telephone Number

This field takes the telephone number of the user.

Home Address

This field can take the home address of the user.

User Status

This option indicates whether the user is allowed to authenticate through Access Manager. Only active users can authenticate through Access Manager. The default value is Active. Either of the following can be selected from the pull-down menu:

Account Expiration Date

If this attribute is present, the authentication service will disallow login if the current date and time has passed the specified Account Expiration Date. The format for this attribute is as follows:

(mm/dd/yyyy hh:mm)

User Authentication Configuration

This attribute sets the authentication method for the user. The default authentication method is LDAP. One or more authentication methods can be selected by clicking the Edit link. If more than on method is selected, then the user may have to successfully authenticate to all of selected methods.

User Alias List

The field defines a list of aliases that may be applied to the user. In order to use any aliases configured in this attribute, the LDAP service has to be modified by adding the iplanet-am-user-alias-list attribute to the User Entry Search Attributes field in the LDAP service.

Preferred Locale

This field specifies the locale for the user. The default value is en_US. Any value from Table 21-1 on page 301 can be used.

You can use one of the following attributes in the pull-down menu:

Success URL

This field accepts a list of multiple values that specify the URL to which users are redirected after successful authentication. The format of this attribute is clientType|URL, although you can specify only the value of the URL which assumes a default type of HTML

Failure URL

This field accepts a list of multiple values that specify the URL to which users are redirected after an unsuccessful authentication. The format of this attribute is clientType|URL, although you can specify only the value of the URL which assumes a default type of HTML

Unique User IDs

In order to enforce uid uniqueness within the Access Manager application, the plug-in, available in Directory Server, must be configured as follows:

dn: cn=uid uniqueness,cn=plugins,cn=config

objectClass: top

objectClass: nsSlapdPlugin

objectClass: extensibleObject

cn: uid uniqueness

nsslapd-pluginPath: /ids908/lib/uid-plugin.so

nsslapd-pluginInitfunc: NSUniqueAttr_Init

nsslapd-pluginType: preoperation

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: attribute=uid

nsslapd-pluginarg1: markerObjectClass=nsManagedDomain

nsslapd-plugin-depends-on-type: database

nsslapd-pluginId: NSUniqueAttr

nsslapd-pluginVersion: 6.1

nsslapd-pluginVendor: Sun | SunONE

nsslapd-pluginDescription: Enforce unique attribute values

It is recommended that the nsManagedDomain object class is used to mark the organization in which uid uniqueness is desired. The plug-in is not enabled by default.

To configure the uniqueness of uids per organization, either add the DN for each organization in the plug-in entry or use the marker object class option and add nsManagedDomain to each top-level organization entry.

nsslapd-pluginEnabled: on

nsslapd-pluginarg0: attribute=uid

nsslapd-pluginarg1: markerObjectClass=nsManagedDomain



Previous      Contents      Index      Next     

Part No: 817-7647-11.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.