Account Attributes
The syntax (or type) of an attribute usually determines whether the attribute is supported. In general, Identity Manager supports Boolean, string, integer, and binary syntaxes. A binary attribute is an attribute that can be safely expressed only as a byte array.
The following table lists the supported LDAP syntaxes. Other LDAP syntaxes might be supported, as long as it is Boolean, string, or integer in nature. Octet strings are NOT supported.
|
LDAP Syntax |
Attribute Type |
Object ID |
|---|---|---|
|
Audio |
Binary |
1.3.6.1.4.1.1466.115.121.1.4 |
|
Binary |
Binary |
1.3.6.1.4.1.1466.115.121.1.5 |
|
Boolean |
Boolean |
1.3.6.1.4.1.1466.115.121.1.7 |
|
Country String |
String |
1.3.6.1.4.1.1466.115.121.1.11 |
|
DN |
String |
1.3.6.1.4.1.1466.115.121.1.12 |
|
Directory String |
String |
1.3.6.1.4.1.1466.115.121.1.15 |
|
Generalized Time |
String |
1.3.6.1.4.1.1466.115.121.1.24 |
|
IA5 String |
String |
1.3.6.1.4.1.1466.115.121.1.26 |
|
Integer |
Int |
1.3.6.1.4.1.1466.115.121.1.27 |
|
Postal Address |
String |
1.3.6.1.4.1.1466.115.121.1.41 |
|
Printable String |
String |
1.3.6.1.4.1.1466.115.121.1.44 |
|
Telephone Number |
String |
1.3.6.1.4.1.1466.115.121.1.50 |
Default Account Attributes
The following attributes are displayed on the Account Attributes page for the Communications Services resource adapters. All attributes are of type String unless otherwise noted.
|
Identity System User Attribute |
Resource User Attribute |
Description |
|---|---|---|
|
accountId |
uid |
User ID |
|
accountId |
cn |
Required. The user’s full name. |
|
password |
userPassword |
Encrypted |
|
firstname |
givenname |
The user’s first (given) name. |
|
lastname |
sn |
Required. The user’s last name (surname). |
|
|
|
The user’s fully-qualified email address. |
|
modifyTimeStamp |
modifyTimeStamp |
Indicates when a user entry was modified. By default, this attribute is displayed for the Sun Communications Services adapter only. |
|
objectClass |
objectClass |
The object class to monitor for changes. |
|
alternateEmail |
mailalternateaddress |
Alternate email address of this recipient. |
|
mailDeliveryOption |
maildeliveryoption |
Specifies delivery options for the mail recipient. One or more values are permitted on a user or group entry, supporting multiple delivery paths for inbound messages. Values will apply differently depending on whether the attribute is used in inetMailGroup or inetMailUser. |
|
mailHost |
mailhost |
The fully qualified host name of the mail transfer agent (MTA) that is the final destination of messages sent to this recipient. |
|
mailForwardingAddress |
mailforwardingaddress |
Specifies one or more forwarding addresses for inbound messages. |
|
inetUserStatus |
inetuserstatus |
Specifies the status of a user’s account with regard to global server access. The possible values are active, inactive, or deleted. |
|
mailQuota |
mailquota |
The amount of disk space, in bytes, allowed for the user’s mailbox. |
|
mailAutoReplySubject |
mailautoreplysubject |
Text to be used as the subject of an auto-reply response. |
|
mailAutoReplyText |
mailautoreplytext |
Auto-reply text sent to all senders except users in the recipient’s domain. |
|
mailAutoReplyTextInternal |
mailautoreplytextinternal |
Auto-reply text sent to senders from the recipients domain. |
|
vacationStartDate |
vacationstartdate |
Vacation start date and time, in the format YYYYMMDDHHMMSSZ. |
|
vacationEndDate |
vacationenddate |
Vacation end date and time, in the format YYYYMMDDHHMMSSZ. |
|
mailAutoReplyMode |
mailautoreplymode |
The autoreply mode for user mail account. The possible values are echo and reply. |
Default Supported Object Classes
By default, the Sun Java System Communications Services resource adapter uses the following object classes when creating new user objects in the LDAP tree. Other object classes may be added.
-
top
-
person
-
inetUser
-
organizationalPerson
-
inetOrgPerson
-
ipUser
-
userPresenceProfile
-
iplanet-am-managed-person
-
inetMailUser
-
inetLocalMailRecipient
-
icscalendaruser
top Object Class
The top object class must contain the objectClass attribute, which is present as an account attribute by default. The top object class is extended by a number of object classes, including the person object class.
person Object Class
The following table lists additional supported attributes that are defined in the LDAP person object class.
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
description |
Directory string |
String |
A short informal explanation of special interests of a person |
|
seeAlso |
DN |
String |
A reference to another person. |
|
telephoneNumber |
Telephone number |
String |
Primary telephone number |
inetUser Object Class
The inetUser object class represents a user account, or a resource (defined as any object to which services are provided) account, and is used in conjunction with inetMailUser and ipUser for creating a mail account. When creating user accounts, this object class extends the base entry created by inetOrgPerson.
The following table lists additional supported attributes that are defined in the inetUser object class.
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
inetUserStatus |
Directory string |
String |
Specifies the status of a user’s account with regard to global server access. The possible values are active, inactive, and deleted. |
organizationalPerson Object Class
The following table lists additional supported attributes that are defined in the LDAP Organizationalperson object class. This object class can also inherit attributes from the Person object class.
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
destinationIndicator |
Printable string |
String |
This attribute is used for the telegram service. |
|
facsimileTelephoneNumber |
Facsimile telephone number |
String |
The primary fax number. |
|
internationaliSDNNumber |
Numeric string |
String |
Specifies an International ISDN number associated with an object. |
|
l |
Directory string |
String |
The name of a locality, such as a city, county or other geographic region |
|
ou |
Directory string |
String |
The name of an organizational unit |
|
physicalDeliveryOfficeName |
Directory string |
String |
The office where deliveries are routed to. |
|
postalAddress |
Postal address |
String |
The office location in the user’s place of business. |
|
postalCode |
Directory string |
String |
The postal or zip code for mail delivery. |
|
postOfficeBox |
Directory string |
String |
The P.O. Box number for this object. |
|
preferredDeliveryMethod |
Delivery method |
String |
The preferred way to deliver to addressee |
|
registeredAddress |
Postal Address |
String |
A postal address suitable for reception of telegrams or expedited documents, where it is necessary to have the recipient accept delivery. |
|
st |
Directory string |
String |
State or province name. |
|
street |
Directory string |
String |
The street portion of the postal address. |
|
teletexTerminalIdentifier |
Teletex Terminal Identifier |
String |
The teletex terminal identifier for a teletex terminal associated with an object |
|
telexNumber |
Telex Number |
String |
The telex number in the international notation |
|
title |
Directory string |
String |
Contains the user’s job title. This property is commonly used to indicate the formal job title, such as Senior Programmer, rather than occupational class, such as programmer. It is not typically used for suffix titles such as Esq. or DDS. |
|
x121Address |
Numeric string |
String |
The X.121 address for an object. |
inetOrgPerson Object Class
The following table lists additional supported attributes that are defined in the LDAP inetOrgPerson object class. This object class can also inherit attributes from the organizationalPerson object class.
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
audio |
Audio |
Binary |
An audio file. |
|
businessCategory |
Directory string |
String |
The kind of business performed by an organization. |
|
carLicense |
Directory string |
String |
Vehicle license or registration plate |
|
departmentNumber |
Directory string |
String |
Identifies a department within an organization |
|
displayName |
Directory string |
String |
Preferred name of a person to be used when displaying entries |
|
employeeNumber |
Directory string |
String |
Numerically identifies an employee within an organization |
|
employeeType |
Directory string |
String |
Type of employment, such as Employee or Contractor |
|
homePhone |
Telephone number |
String |
The user’s home telephone number. |
|
homePostalAddress |
Postal address |
String |
The user’s home address. |
|
initials |
Directory string |
String |
Initials for parts of the user’s full name |
|
jpegPhoto |
JPEG |
Binary |
An image in JPEG format. |
|
labeledURI |
Directory string |
String |
A Universal Resource Indicator (URI) and optional label associated with the user. |
|
|
IA5 string |
String |
One or more email addresses. |
|
manager |
DN |
String |
Directory name of the user’s manager. |
|
mobile |
Telephone number |
String |
The user’s cell phone number. |
|
o |
Directory string |
String |
The name of an organization. |
|
pager |
Telephone number |
String |
The user’s pager number. |
|
preferredLanguage |
Directory string |
String |
Preferred written or spoken language for a person. |
|
roomNumber |
Directory string |
String |
The user’s office or room number. |
|
secretary |
DN |
String |
Directory name of the user’s administrative assistant. |
|
userCertificate |
certificate |
Binary |
A certificate, in binary format. |
ipUser
The ipUser object class holds the reference to the personal address book container and the class of service specifier.
The following table lists additional supported attributes that are defined in the ipUser object class.
|
Resource User Attribute |
Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
inetCoS |
String, multi-valued |
String |
Specifies the name of the Class of Service (CoS) template supplying values for attributes in the user entry. |
|
memberOfPAB |
String, multi-valued |
String |
The unique name of the personal address book(s) in which this entry belongs. |
|
maxPabEntries |
Integer, single-valued |
Integer |
The maximum number of personal address book entries users are permitted to have in their personal address book store. |
|
pabURI |
String, single valued |
String |
LDAP URI specifying the container of the personal address book entries for this user. |
userPresenceProfile
The userPresenceProfile object class stores the presence information for a user.
This object class may contain the vacationStartDate and vacationEndDate attribute, which are present as account attributes by default.
iplanet-am-managed-person
The iplanet-am-managed-person object class contains attributes that Sun Java System Access Manager needs to manage users.
The following table lists additional supported attributes that are defined in the ipUser object class.
|
Resource User Attribute |
Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
iplanet-am-modifiable-by |
DN, multi-valued |
String |
The role-dn of the administrator who has access rights to modify the user entry. |
|
iplanet-am-role-aci-description |
String, multi-valued |
String |
Description of the ACI that belongs to the role. |
|
iplanet-am-static-group-dn |
DN, multi-valued |
String |
Defines the DNs for the static groups the user belongs to. |
|
iplanet-am-user-account-life |
Date string, single-valued |
String |
Specifies the account expiration date in the following format:yyyy/mm/dd hh:mm:ss |
inetMailUser
The inetMailUser extends the base entry created by inetOrgPerson to define a messaging service user. It represents a mail account and is used in conjunction with inetUser and inetLocalMailRecipient.
The following table lists additional supported attributes that are defined in the inetMailUser object class.
|
Resource User Attribute |
Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
dataSource |
String, single-valued |
String |
Text field to store a tag or identifier. |
|
mailAllowedServiceAccess |
String, single-valued |
String |
Stores access filters (rules). |
|
mailAntiUBEService |
String, multi-valued |
String |
Instructions for a program that handles unsolicited bulk email. |
|
mailAutoReplyTimeOut |
Integer, single-valued |
Integer |
Duration, in hours, for successive auto-reply responses to any given mail sender. |
|
mailConversionTag |
String, multi-valued |
String |
Method of specifying unique conversion behavior for a user or group entry. |
|
mailDeferProcessing |
String, single-valued |
String |
Controls whether or not address expansion of the current user or group entry is performed immediately, or deferred. |
|
mailEquivalentAddress |
String, multi-valued |
String |
Equivalent to mailAlternateAddress in regard to mail routing, except with this attribute, the header doesn’t get rewritten. |
|
mailMessageStore |
String, single-valued |
String |
Specifies the message store partition name for the user. |
|
mailMsgMaxBlocks |
Integer, single-valued |
Integer |
The size in units of MTA blocks of the largest message that can be sent to this user or group. |
|
mailMsgQuota |
Integer, single-valued |
Integer |
Maximum number of messages permitted for a user |
|
mailProgramDeliveryInfo |
String, multi-valued |
String |
Specifies one or more programs used for program delivery. |
|
mailSieveRuleSource |
String, multi-valued |
String |
Contains a SIEVE rule (RFC 3028 compliant) used to create a message filter script for a user entry. |
|
mailSMTPSubmitChannel |
String, single-valued |
String |
This attribute is a factor involved in setting up guaranteed message delivery, or in setting up other special classes of service. |
|
mailUserStatus |
String, single-valued |
String |
Current status of the mail user. Can be one of the following values: active, inactive, deleted, hold, overquota, or removed. |
|
nswmExtendedUserPrefs |
String, multi-valued |
String |
Holds the pairs that define Messenger Express preferences, such as sort order and Mail From address. |
inetLocalMailRecipient
The inetLocalMailRecipient object class stores information that provides a way to designate an LDAP entry as one that represents a local email recipient, to specify the recipient’s email addresses, and to provide routing information pertinent to the recipient.
The following table lists additional supported attributes that are defined in the inetLocalMailReceipient object class. (All other attributes in this object class are present as account attributes by default.)
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
mailRoutingAddress |
String, single-valued |
String |
Used together with mailHost to determine whether or not the address should be acted upon at this time or forwarded to another system. |
icsCalendarUser
The icsCalendarUser object class defines a Calendar Server user.
The following table lists additional supported attributes that are defined in the icsCalendarUser object class. (All other attributes in this object class are present as account attributes by default.)
|
Resource User Attribute |
LDAP Syntax |
Attribute Type |
Description |
|---|---|---|---|
|
icsAllowedServiceAccess |
String, single-valued |
String |
Disallows calendar services to a user. |
|
icsCalendar |
String, single-valued |
String |
The calendar ID (calid) of the default calendar for a user or resource. Required attribute for Calendar Manager. |
|
icsCalendarOwned |
String, multi-valued |
String |
Calendars owned by this user. |
|
icsDWPHost |
String, single-valued |
String |
Stores a Database Wire Protocol (DWP) host name so that the calendar ID can be resolved to the DWP server that stores the calendar and its data. |
|
icsExtendedUserPrefs |
String, multi-valued |
String |
Extensions for calendar user preferences. |
|
icsFirstDay |
String, single-valued |
Integer |
First day of the week to be displayed on user’s calendar. |
|
icsSet |
String, multi-valued |
String |
Defines one group of calendars. The value for this attribute is a six-part string, with each part separated by a dollar sign ($). |
|
icsStatus |
String, single-valued |
String |
This attribute must be set when assigning calendar services to a domain. The possible values are active, inactive, and deleted. |
|
icsSubscribed |
String, multi-valued |
String |
List of calendars to which this user is subscribed. |
|
icsTimezone |
String |
String |
The default time zone for this user or resource calendar if one is not explicitly assigned through their own user preferences. |
|
preferredLanguage |
String, single-valued |
String |
Preferred written or spoken language for a person. |
- © 2010, Oracle Corporation and/or its affiliates