Sun Java System Access Manager 7.1 Postinstallation Guide

Procedure To Specify a User Naming Attribute Other Than the User ID (uid)

  1. In the amsamplesilent file (or copy of the file), set the USER_NAMING_ATTR variable to the new attribute you want to use.

    For example, for the mail attribute: USER_NAMING_ATTR=mail

    Specify a valid naming attribute that Directory Server supports and that is in the default list of naming attributes supported by Access Manager. If the naming attribute you want to use is not in that list, add the attribute to the ums.xml and amUser.xml files, as described in the following steps.

  2. In the ums.xml file, add the attribute to the list in the CreationTemplate for the BasicUser. For example, to use the mail attribute:

    <SubConfiguration name="CreationTemplates">
        <SubConfiguration name="BasicUser" id="CreationUmsObjects">
            <AttributeValuePair> <Attribute name="name" />
                <Value>BasicUser</Value>
            </AttributeValuePair>
            <AttributeValuePair> <Attribute name="javaclass" />
                <Value>com.iplanet.ums.User</Value>
            </AttributeValuePair>
            <AttributeValuePair> <Attribute name="required" />
                <Value>objectClass=top</Value>
                <Value>objectClass=person</Value>
                <Value>objectClass=organizationalPerson</Value>
                <Value>objectClass=inetOrgPerson</Value>
                <Value>objectClass=iPlanetPreferences</Value>
                <Value>objectClass=iplanet-am-user-service</Value>
                <Value>objectClass=inetuser</Value>
                <Value>objectClass=inetAdmin</Value>
                <Value>objectClass=iplanet-am-managed-person</Value>
                <Value>objectClass=sunAMAuthAccountLockout</Value>
                <Value>cn=default</Value>
                <Value>sn=default</Value>
                <Value>uid</Value>
                <Value>inetuserstatus=Active</Value>
                <Value>mail</Value> <!-- attribute added in this step -->
            </AttributeValuePair>
            <AttributeValuePair> <Attribute name="optional" />
                <Value>*</Value>
            </AttributeValuePair>
            <AttributeValuePair> <Attribute name="namingattribute" />
                <Value>uid</Value>
            </AttributeValuePair>
        </SubConfiguration>
        <!-- rest of the CreationTemplates section is unchanged -->
    </SubConfiguration>

  3. Also in the ums.xml file, add the attribute to the BasicUserSearch template.

  4. In the amUser.xml file, add the attribute (such as mail) to the <User> schema (if it is not already in the schema).

  5. Run the amconfig script with the amsamplesilent file (or copy of the file) from Step 1.
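
A pre-flight check for the procedure above, added here as an example (it is not code from the Sun guide): before running amconfig in Step 5, it confirms that the USER_NAMING_ATTR value in the silent file appears in the required list of the BasicUser creation template. The function names and the embedded sample inputs are constructed for illustration; the check does not cover the BasicUserSearch template or amUser.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, trimmed to the parts the check reads.
SAMPLE_SILENT = "#USER_NAMING_ATTR=uid\nUSER_NAMING_ATTR=mail\n"
SAMPLE_UMS = """\
<SubConfiguration name="CreationTemplates">
 <SubConfiguration name="BasicUser" id="CreationUmsObjects">
  <AttributeValuePair><Attribute name="required" />
   <Value>objectClass=top</Value><Value>cn=default</Value>
   <Value>uid</Value><Value>inetuserstatus=Active</Value>
   <Value>mail</Value>
  </AttributeValuePair>
  <AttributeValuePair><Attribute name="namingattribute" />
   <Value>uid</Value>
  </AttributeValuePair>
 </SubConfiguration>
</SubConfiguration>
"""

def silent_value(text, key):
    """Return the last uncommented KEY=value assignment, or None."""
    found = None
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and not name.startswith("#") and name.strip() == key:
            found = value.strip()
    return found

def template_pairs(ums_text, template="BasicUser"):
    """Map each Attribute name in the named template to its Value list."""
    for sub in ET.fromstring(ums_text).iter("SubConfiguration"):
        if sub.get("name") == template:
            return {avp.find("Attribute").get("name"):
                    [(v.text or "").strip() for v in avp.findall("Value")]
                    for avp in sub.findall("AttributeValuePair")
                    if avp.find("Attribute") is not None}
    raise LookupError("template %r not found" % template)

def check(silent_text, ums_text):
    """Report whether USER_NAMING_ATTR is listed as a required attribute."""
    attr = silent_value(silent_text, "USER_NAMING_ATTR")
    pairs = template_pairs(ums_text)
    # "cn=default" carries a default value; the attribute name is before "=".
    required = {v.split("=", 1)[0].lower() for v in pairs.get("required", [])}
    return {"attr": attr, "in_required": bool(attr) and attr.lower() in required,
            "template_naming": pairs.get("namingattribute", [])}

if __name__ == "__main__":
    print(check(SAMPLE_SILENT, SAMPLE_UMS))
```

To check a real installation, read the silent file and ums.xml from disk and pass their contents to `check()`.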