The syntax (or type) of an attribute usually determines whether the attribute is supported. In general, Identity Manager supports Boolean, string, integer, and binary syntaxes. A binary attribute is an attribute that can be safely expressed only as a byte array.
The following table lists the supported LDAP syntaxes. Other LDAP syntaxes might be supported, as long as they are Boolean, string, or integer in nature. Octet strings are NOT supported.
LDAP Syntax | Attribute Type | Object ID |
---|---|---|
Audio | Binary | 1.3.6.1.4.1.1466.115.121.1.4 |
Binary | Binary | 1.3.6.1.4.1.1466.115.121.1.5 |
Boolean | Boolean | 1.3.6.1.4.1.1466.115.121.1.7 |
Country String | String | 1.3.6.1.4.1.1466.115.121.1.11 |
DN | String | 1.3.6.1.4.1.1466.115.121.1.12 |
Directory String | String | 1.3.6.1.4.1.1466.115.121.1.15 |
Generalized Time | String | 1.3.6.1.4.1.1466.115.121.1.24 |
IA5 String | String | 1.3.6.1.4.1.1466.115.121.1.26 |
Integer | Int | 1.3.6.1.4.1.1466.115.121.1.27 |
Postal Address | String | 1.3.6.1.4.1.1466.115.121.1.41 |
Printable String | String | 1.3.6.1.4.1.1466.115.121.1.44 |
Telephone Number | String | 1.3.6.1.4.1.1466.115.121.1.50 |
The following attributes are displayed on the Account Attributes page for the LDAP resource adapters. All attributes are of type String unless otherwise noted.
Identity System Attribute | Resource User Attribute | LDAP Syntax | Description |
---|---|---|---|
accountId | uid | Directory string | User ID |
accountId | cn | Directory string | Required. The user’s full name. |
firstname | givenname | Directory string | The user’s first (given) name. |
lastname | sn | Directory string | Required. The user’s last name (surname). |
modifyTimeStamp | modifyTimeStamp | Generalized time | Indicates when a user entry was modified. |
password | userPassword | Octet string | Encrypted. The user’s password. |
The account attributes in the following table are not displayed in the schema by default. You must add the attribute to the schema map before you can manage groups.
Identity System Attribute | Resource User Attribute | LDAP Syntax | Description |
---|---|---|---|
user defined | ldapGroups | ldapGroups | A list of distinguished names of groups the LDAP user is a member of. The resource attribute Group Member Attr specifies the attribute of the LDAP group entry that will be updated to contain the distinguished name of the user. The default value for the Group Member Attr is uniquemember. |
user defined | posixGroups | N/A | A list of distinguished names of posixGroups entries the LDAP user is a member of. For an account to be assigned membership in a Posix group, it must have a value for the uid LDAP attribute. The memberUid attribute of the posixGroup entries will be updated to contain the uid of the user. |
Note the following behavior when either posixGroups or ldapGroups is defined in the schema map:
When an LDAP account is deleted, then Identity Manager removes the account’s DN from any LDAP groups and the account’s uid from any posixGroups.
When the uid of an account changes, then Identity Manager replaces the old uid with the new uid in the appropriate posixGroups.
When an account is renamed, then Identity Manager replaces the old DN with the new DN in the appropriate LDAP groups.
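The three clean-up rules above, modelled in memory as an added example (this is not Identity Manager code). The `Directory` class, its method names and the sample DNs and uids are assumptions made for illustration; `dangling` reports group values that these rules would have removed but that were left behind because the account was changed outside Identity Manager.

```python
# Added example, not Identity Manager code. Sample DNs and uids are constructed.
def norm(dn):
    # Comparison key for DNs (simplified: ignores RFC 4514 escaping).
    return ",".join(part.strip().lower() for part in dn.split(","))

class Directory:
    def __init__(self, ldap_groups, posix_groups, member_attr="uniquemember"):
        self.member_attr = member_attr      # value of "Group Member Attr"
        self.ldap_groups = ldap_groups      # group DN -> {member_attr: [DNs]}
        self.posix_groups = posix_groups    # group DN -> {"memberUid": [uids]}

    def _swap(self, groups, attr, old, new, key=str):
        # Drop `old` from every group; where it was present, add `new` if given.
        for entry in groups.values():
            vals = entry.get(attr, [])
            kept = [v for v in vals if key(v) != key(old)]
            if new is not None and len(kept) != len(vals):
                kept.append(new)
            entry[attr] = kept

    def delete_account(self, dn, uid):
        self._swap(self.ldap_groups, self.member_attr, dn, None, norm)
        self._swap(self.posix_groups, "memberUid", uid, None)

    def rename_account(self, old_dn, new_dn):
        self._swap(self.ldap_groups, self.member_attr, old_dn, new_dn, norm)

    def change_uid(self, old_uid, new_uid):
        self._swap(self.posix_groups, "memberUid", old_uid, new_uid)

    def dangling(self, live_dns, live_uids):
        """Group values that point at no live account (stale access)."""
        live = {norm(d) for d in live_dns}
        stale = [(g, v) for g, e in self.ldap_groups.items()
                 for v in e.get(self.member_attr, []) if norm(v) not in live]
        stale += [(g, u) for g, e in self.posix_groups.items()
                  for u in e.get("memberUid", []) if u not in live_uids]
        return stale

def demo():
    base = "dc=example,dc=com"
    d = Directory(
        {f"cn=admins,{base}": {"uniquemember": [f"uid=jdoe,ou=people,{base}",
                                                f"uid=old,ou=people,{base}"]}},
        {f"cn=wheel,{base}": {"memberUid": ["jdoe", "old"]}})
    d.rename_account(f"UID=jdoe, OU=People,{base}", f"uid=jdoe,ou=staff,{base}")
    d.change_uid("jdoe", "john.doe")
    # "old" was removed outside Identity Manager, so nothing cleaned it up.
    return d.dangling([f"uid=jdoe,ou=staff,{base}"], {"john.doe"})

if __name__ == "__main__": print(demo())
```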
The following table lists additional supported attributes that are defined in the LDAP Person object class. Some attributes defined in the Person object class are displayed by default.
Resource User Attribute | LDAP Syntax | Attribute Type | Description |
---|---|---|---|
description | Directory string | String | A short informal explanation of special interests of a person |
seeAlso | DN | String | A reference to another person |
telephoneNumber | Telephone number | String | Primary telephone number |
The following table lists additional supported attributes that are defined in the LDAP organizationalPerson object class. This object class can also inherit attributes from the Person object class.
Resource User Attribute | LDAP Syntax | Attribute Type | Description |
---|---|---|---|
destinationIndicator | Printable string | String | This attribute is used for the telegram service. |
facsimileTelephoneNumber | Facsimile telephone number | String | The primary fax number. |
internationaliSDNNumber | Numeric string | String | Specifies an International ISDN number associated with an object. |
l | Directory string | String | The name of a locality, such as a city, county or other geographic region |
ou | Directory string | String | The name of an organizational unit |
physicalDeliveryOfficeName | Directory string | String | The office where deliveries are routed to. |
postalAddress | Postal address | String | The office location in the user’s place of business. |
postalCode | Directory string | String | The postal or zip code for mail delivery. |
postOfficeBox | Directory string | String | The P.O. Box number for this object. |
preferredDeliveryMethod | Delivery method | String | The preferred way to deliver to addressee |
registeredAddress | Postal Address | String | A postal address suitable for reception of telegrams or expedited documents, where it is necessary to have the recipient accept delivery. |
st | Directory string | String | State or province name. |
street | Directory string | String | The street portion of the postal address. |
teletexTerminalIdentifier | Teletex Terminal Identifier | String | The teletex terminal identifier for a teletex terminal associated with an object |
telexNumber | Telex Number | String | The telex number in the international notation |
title | Directory string | String | Contains the user’s job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. |
x121Address | Numeric string | String | The X.121 address for an object. |
The following table lists additional supported attributes that are defined in the LDAP inetOrgPerson object class. This object class can also inherit attributes from the organizationalPerson object class.
Resource User Attribute | LDAP Syntax | Attribute Type | Description |
---|---|---|---|
audio | Audio | Binary | An audio file. |
businessCategory | Directory string | String | The kind of business performed by an organization. |
carLicense | Directory string | String | Vehicle license or registration plate |
departmentNumber | Directory string | String | Identifies a department within an organization |
displayName | Directory string | String | Preferred name of a person to be used when displaying entries |
employeeNumber | Directory string | String | Numerically identifies an employee within an organization |
employeeType | Directory string | String | Type of employment, such as Employee or Contractor |
homePhone | Telephone number | String | The user’s home telephone number. |
homePostalAddress | Postal address | String | The user’s home address. |
initials | Directory string | String | Initials for parts of the user’s full name |
jpegPhoto | JPEG | Binary | An image in JPEG format. |
labeledURI | Directory string | String | A Universal Resource Indicator (URI) and optional label associated with the user. |
 | IA5 string | String | One or more email addresses. |
manager | DN | String | Directory name of the user’s manager. |
mobile | Telephone number | String | The user’s cell phone number. |
o | Directory string | String | The name of an organization. |
pager | Telephone number | String | The user’s pager number. |
preferredLanguage | Directory string | String | Preferred written or spoken language for a person. |
roomNumber | Directory string | String | The user’s office or room number. |
secretary | DN | String | Directory name of the user’s administrative assistant. |
userCertificate | certificate | Binary | A certificate, in binary format. |