Sun and OracleChannel SunHow to BuyLog InEnglish

Sun Java System Access Manager 7.1 Postinstallation Guide
  Search only this book
Search Help
Contained Within
Find More Documentation
Featured Support Resources
 Download this book in PDF (1704 KB)

Appendix B Access Manager User LDAP Entries

A Sun JavaTM System Access Manager deployment that stores users in an LDAP directory other than Sun Java System Directory Server must add the following object classes and attributes to the directory schema:

For example, if you have configured a generic LDAPv3 repository plug-in or a Microsoft® Active Directory plug-in for a realm, you must create and add the user schema to the datastore. You must perform this operation manually, because pre-populated LDIF files are not currently available to use.

Object Classes

iplanet-am-session-service Object Class

Supported by: Access Manager

Definition: Contains session service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-user-service Object Class

Supported by: Access Manager

Definition: Contains the Access Manager attributes necessary to manage user accounts.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-managed-person Object Class

Supported by: Access Manager

Definition: Contains Access Manager attributes used to manage users.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunAMAuthAccountLockout Object Class

Supported by: Access Manager

Definition: Contains Access Manager attributes used to manage invalid login attempts and user lock out.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

inetUser Object Class

Supported by: Sun One Directory Server

Definition: Auxiliary class that has to be present in an entry for delivery of subscriber services.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

iplanet-am-saml-service Object Class

Supported by: Access Manager

Definition: Contains SAML service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunIdentityServerDiscoveryService Object Class

Supported by: Access Manager

Definition: Contains Discovery Service related attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

sunIdentityServerLibertyPPService Object Class

Supported by: Access Manager

Definition: Contains session service related personal profile (PP) attributes.

Superior Class: top

Object Class Type: auxiliary

Required Attributes: none

Allowed Attributes:

Attributes

iplanet-am-session-service Object Class Attributes

iplanet-am-session-max-session-time

Syntax: string

Description: Specifies the maximum session service Time

iplanet-am-session-max-idle-time

Syntax: string

Description: Specifies the maximum session idle time.

iplanet-am-session-max-caching-time

Syntax: string

Description: Specifies the maximum session caching time.

iplanet-am-session-quota-limit

Syntax: string

Description: Specifies the session quota constraints.

iplanet-am-session-service-status

Syntax: string

Description: Specifies the maximum session service status.

iplanet-am-session-get-valid-sessions

Syntax: string

Description: Specifies the get valid sessions.

iplanet-am-session-destroy-sessions

Syntax: string

Description: Specifies destroy session.

iplanet-am-session-add-session-listener-on-all-sessions

Syntax: string

Description: Specifies add session listener on all sessions.

iplanet-am-user-service Object Class Attributes

iplanet-am-user-admin-start-dn

Supported by: Access Manager

Syntax: dn, single-valued

Description: Specifies the starting point node (DN) displayed in the starting view of the Access Manager Console when this administrator logs in.

iplanet-am-user-alias-list

Syntax: string

Description: Specifies the user alias names list.

iplanet-am-user-auth-config

Syntax: string

Description: Specifies the user authentication configuration.

sunIdentityMSISDNNumber

Syntax: string

Description: Specifies the user Mobile Station Integrated Services Digital Network (MSISDN) number.

iplanet-am-user-failure-url

Syntax: string

Description: Specifies the redirection URL for a failed user authentication.

iplanet-am-user-success-url

Syntax: string

Description: Specifies the redirection URL for a successful user authentication.

iplanet-am-user-login-status

Syntax: string, single-valued

Description: Specifies the user login status:

  • Active - User is allowed to authenticate through the Access Manager.

  • Inactive - User is not allowed to authenticate through the Access Manager.

iplanet-am-user-password-reset-force-reset

Syntax: string

Description: Specifies the Password Reset Force Reset password.

iplanet-am-user-password-reset-options

Supported by: Access Manager

Syntax: string, single-valued

Description: Specifies options used by the Access Manager password reset module.

iplanet-am-user-password-reset-question-answer

Supported by: Access Manager

Syntax: string, single-valued

Description: Specifies the password question and answer used to prompt a user who has forgotten the password. The format is question answer.

iplanet-am-user-service-status

Supported by: Access Manager

Syntax: dn, single-valued

Description: Specifies the status of the user for various services.

iplanet-am-user-federation-info-key

Syntax: string

Description: Specifies the user Federation information key.

iplanet-am-user-federation-info

Syntax: string

Description: Specifies user Federation information.

iplanet-am-managed-person Object Class Attributes

iplanet-am-modifiable-by

Supported by: Access Manager

Syntax: dn, multi-valued

Description: Specifies the role-dn of the administrator who has access rights to modify this user entry. By default, the value is set to the role-dn of the administrator who created the account.

iplanet-am-role-aci-description

Supported by: Access Manager

Syntax: string, multi-valued

Description: Specifies the description of the ACI that belongs to this role.

iplanet-am-static-group-dn

Supported by: Access Manager

Syntax: dn, multi-valued

Description: Defines the DNs for the static groups that this user belongs to.

iplanet-am-user-account-life

Syntax: date string, single-valued

Description: Specifies the account expiration date in the following format:

yyyy/mm/dd hh:mm:ss

sunAMAuthAccountLockout Object Class Attributes

sunAMAuthInvalidAttemptsData

Syntax: string

Description: Specifies XML data for invalid login attempts.

inetUser Object Class Attributes

inetUserStatus

Syntax: string

Possible values: "active", "inactive", or "deleted"

Description: Specifies the status of a user.

iplanet-am-saml-service Object Class Attributes

iplanet-am-saml-user

Syntax: string

Description: Specifies the SAML user ID.

iplanet-am-saml-password

Syntax: string

Description: Specifies the SAML user password.

sunIdentityServerDiscoveryService Object Class Attributes

sunIdentityServerDynamicDiscoEntries

Syntax: string

Description: Specifies the dynamic disco entries.

sunIdentityServerLibertyPPService Object Class Attributes

sunIdentityServerPPCommonNameCN

Syntax: string

Description: Specifies the Liberty PP common name.

sunIdentityServerPPCommonNameAltCN

Syntax: string

Description: Specifies the Liberty PP alternate common name.

sunIdentityServerPPCommonNameFN

Syntax: string

Description: Specifies the Liberty PP common name first name.

sunIdentityServerPPCommonNameSN

Syntax: string

Description: Specifies the Liberty PP common name surname.

sunIdentityServerPPCommonNamePT

Syntax: string

Description: Specifies the Liberty PP common name first name personal title.

sunIdentityServerPPCommonNameMN

Syntax: string

Description: Specifies the Liberty PP common name middle name.

sunIdentityServerPPInformalName

Syntax: string

Description: Specifies the Liberty PP informal name.

sunIdentityServerPPLegalIdentityLegalName

Syntax: string

Description: Specifies the Liberty PP legal name.

sunIdentityServerPPLegalIdentityDOB

Syntax: string

Description: Specifies the Liberty PP date of birth.

sunIdentityServerPPLegalIdentityMaritalStatus

Syntax: string

Description: Specifies the Liberty PP marital status.

sunIdentityServerPPLegalIdentityGender

Syntax: string

Description: Specifies the Liberty PP gender.

sunIdentityServerPPLegalIdentityAltIDType

Syntax: string

Description: Specifies the Liberty PP alternate identity type.

sunIdentityServerPPLegalIdentityAltIDValue

Syntax: string

Description: Specifies the Liberty PP alternate identity value.

sunIdentityServerPPLegalIdentityVATIDType

Syntax: string

Description: Specifies the Liberty PP legal identity VATID type.

sunIdentityServerPPLegalIdentityVATIDValue

Syntax: string

Description: Specifies the Liberty PP legal identity VATID value.

sunIdentityServerPPEmploymentIdentityJobTitle

Syntax: string

Description: Specifies the Liberty PP job title.

sunIdentityServerPPEmploymentIdentityOrg

Syntax: string

Description: Specifies the Liberty PP employment organization.

sunIdentityServerPPEmploymentIdentityAltO

Syntax: string

Description: Specifies the Liberty PP alternate employment organization.

sunIdentityServerPPAddressCard

Syntax: string

Description: Specifies the Liberty PP address card.

sunIdentityServerPPMsgContact

Syntax: string

Description: Specifies the Liberty PP message contact.

sunIdentityServerPPFacadeMugShot

Syntax: string

Description: Specifies the Liberty PP façade mug shot.

sunIdentityServerPPFacadeWebSite

Syntax: string

Description: Specifies the Liberty PP façade website.

sunIdentityServerPPFacadeNamePronounced

Syntax: string

Description: Specifies the Liberty PP façade name pronounced.

sunIdentityServerPPFacadeGreetSound

Syntax: string

Description: Specifies the Liberty PP façade greet sound.

sunIdentityServerPPFacadeGreetMeSound

Syntax: string

Description: Specifies the Liberty PP façade greet me sound.

sunIdentityServerPPDemographicsDisplayLanguage

Syntax: string

Description: Specifies the Liberty PP demographics display language.

sunIdentityServerPPDemographicsLanguage

Syntax: string

Description: Specifies the Liberty PP demographics language.

sunIdentityServerPPDemographicsBirthday

Syntax: string

Description: Specifies the Liberty PP demographics birthday.

sunIdentityServerPPDemographicsAge

Syntax: string

Description: Specifies the Liberty PP demographics age.

sunIdentityServerPPDemographicsTimeZone

Syntax: string

Description: Specifies the Liberty PP demographics time zone.

sunIdentityServerPPSignKey

Syntax: string

Description: Specifies the Liberty PP signing key.

sunIdentityServerPPEncryptKey

Syntax: string

Description: Specifies the Liberty PP encryption key.

sunIdentityServerPPEmergencyContact

Syntax: string

Description: Specifies the Liberty PP emergency contact.