The above configuration will allow you to list users and groups. It will also allow you to perform some basic user profile operations. You should be able to change the following user profile information in the OpenSSO Console:
emailaddress
employeeNumber
telephonenumber — Active Directory will add it.
postalAddress — Home address in the Console. Active Directory will add it.
user alias list
However, you cannot do the following operations because of missing attributes or object classes:
Cannot create firstname, lastname, fullname.
Cannot create a group.
Cannot change the user authentication (iplanet-am-user-auth-config). No attribute exists.
Cannot change the user status (inetUserStatus). No attribute exists.
Cannot change the success URL (iplanet-am-user-success-url). No attribute exists.
Cannot change the failure URL (iplanet-am-user-failure-url). No attribute exists.
Cannot change the MSISDN number (sunIdentityMSISDNNumber). No attribute exists.
Cannot create a user or agent in OpenSSO Console. The user must be created in Active Directory.
Cannot change the user or agent password. This change must be done in Active Directory.