SubjectTemplate
The Subject template is a singleton configuration that defines the contents of the internal representation of authenticated subjects originating from local persistence. DirX Access distinguishes between LDAP attributes whose values it interprets and LDAP attributes whose values it processes as opaque data. The Subject template configures which standard and DirX Access-specific LDAP attributes DirX Access is to interpret.
User object classes
The names of LDAP user object classes to be interpreted by DirX Access.
Default values are top, person, organizationalPerson, inetOrgPerson
Group object classes
The names of LDAP group object classes to be interpreted by DirX Access.
Default value is groupOfUniqueNames
Determine group memberships
Whether or not group membership is determined when authenticating a user.
Organizational unit object classes
The names of LDAP organizational unit object classes to be interpreted
by DirX Access. Default value is organizationalUnit
Role association object classes
The names of LDAP role association object classes to be interpreted by
DirX Access. Default value is dxaRoleAssociationAuxClass
DirX Access alternative subject identifiers attribute
The LDAP attribute used for the DirX Access alternative subject
identifiers of a user. This LDAP attribute stores user-specific data
for different authentication methods. If the LDAP attribute is
specified, DirX Access needs write access to the User Repository. The
RFC 4226 authentication method supports an alternative strategy
depending on the presence of this configuration attribute. If it is not
defined, this data is stored internally in the Configuration Repository
(using ou=DirX Access). The default value requires the DirX Access
object class dxaUserAuxClass; LDAP attributes from other object classes
can also be configured.
DirX Access role assignments attribute
The LDAP attribute used for the DirX Access role assignments of a user.
The default value requires the DirX Access object class
dxaRoleAssociationAuxClass; LDAP attributes from other object classes
can also be configured.
DirX Access last login date attribute
The LDAP attribute used to store the last login date of a user. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access number of consecutive login failures attribute
The LDAP attribute used to store the number of consecutive login
failures for password-based schemes and internal validation. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access status attribute
The LDAP attribute used to store the status of a user account. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access locale attribute
The LDAP attribute used to store the locale of a user. The default
value requires the DirX Access object class dxaUserAuxClass
DirX Access account expiration date attribute
The LDAP attribute used to store the expiration date of a user account.
The default value requires the DirX Access object class dxaUserAuxClass
DirX Access expired attribute
The LDAP attribute used to store the flag for account expiration. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access account locked attribute
The LDAP attribute used to store the flag for account lock. The default
value requires the DirX Access object class dxaUserAuxClass. It is
recommended to also set the DirX Access account not locked keyword;
otherwise all user accounts will be treated as locked.
DirX Access account not locked keyword
The keyword whose presence in the account locked attribute marks a user account as 'not-locked'. The keyword is not case-sensitive.
DirX Access password creation date attribute
The LDAP attribute used to store the creation date of a user password.
The default value requires the DirX Access object class dxaUserAuxClass
DirX Access password expiration date attribute
The LDAP attribute used to store the expiration date of a user password.
The default value requires the DirX Access object class dxaUserAuxClass
DirX Access password expired attribute
The LDAP attribute used to store the flag for password expiration. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access password locked attribute
The LDAP attribute used to store the flag for password lock. The
default value requires the DirX Access object class dxaUserAuxClass
DirX Access password history attribute
The LDAP attribute used to store user password history-related
information. The default value requires the DirX Access object class
dxaUserAuxClass
Do enable 'member of' attribute
Whether the 'member of' attribute and the LDAP search optimization for
group memberships are enabled. For this to work you must set the
correct attribute name in the Group 'member of' attribute (e.g.,
dirxMemberOf, memberOf…). You might also need the initial index set on
the member attribute in DirX Directory.
Group 'member of' attribute
Name of the operational LDAP attribute within the user record that contains the group memberships of the given user. Depending on the directory implementation it may also contain nested and dynamic groups (for details, see the documentation of your directory implementation).
Requested operational attributes
The names of LDAP operational attributes to be requested from the LDAP database. With the default value "+", DirX Directory returns all available operational attributes. Do not use "+" with DirX Directory if you are using the dirxMemberOf attribute; in that case list all needed operational attributes explicitly instead (e.g., createTimestamp, modifyTimestamp, …).
Last login time format
Time format used to store the lastLogin timestamp in the LDAP user shadow tree.
- millisSinceEpoch: the number of milliseconds since the UNIX epoch (1st January 1970 00:00:00 UTC).
- universalTime: time represented in universal time format (yyyyMMddHHmmssZ), where Z denotes UTC.
Allowed Values:
- millisSinceEpoch
- universalTime
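As an added illustration (not DirX Access code) of the "Last login time format" values above and of the "account not locked" keyword semantics described under the account locked attribute, the following Python models how a stored lastLogin value is decoded and encoded in either format and how a case-insensitive keyword comparison decides the locked state; the attribute name accountLockFlag and the entry values are constructed, and treating a missing lock value as locked is this example's assumption.

```python
# Added example, not DirX Access code: models how the two "Last login time
# format" values and the "account not locked" keyword are interpreted.
# Attribute names and entry values below are constructed for illustration.
from datetime import datetime, timezone
from typing import Optional

UNIVERSAL_TIME = "%Y%m%d%H%M%SZ"  # yyyyMMddHHmmssZ, the trailing Z meaning UTC


def parse_last_login(value: str, time_format: str) -> datetime:
    """Decode a stored lastLogin value into an aware UTC datetime."""
    if time_format == "millisSinceEpoch":
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
    if time_format == "universalTime":
        return datetime.strptime(value, UNIVERSAL_TIME).replace(tzinfo=timezone.utc)
    raise ValueError(f"unsupported last login time format: {time_format}")


def format_last_login(when: datetime, time_format: str) -> str:
    """Encode a datetime in the configured format for storage in LDAP."""
    when = when.astimezone(timezone.utc)
    if time_format == "millisSinceEpoch":
        return str(round(when.timestamp() * 1000))
    if time_format == "universalTime":
        return when.strftime(UNIVERSAL_TIME)
    raise ValueError(f"unsupported last login time format: {time_format}")


def account_locked(entry: dict, locked_attr: str,
                   not_locked_keyword: Optional[str]) -> bool:
    """Treat an account as locked unless its lock attribute equals the
    configured keyword, compared case-insensitively. With no keyword
    configured nothing can match, so every account is reported locked;
    a missing attribute value is treated as locked too (an assumption of
    this example, not documented behaviour)."""
    value = entry.get(locked_attr)
    if not not_locked_keyword or value is None:
        return True
    return value.strip().lower() != not_locked_keyword.strip().lower()


if __name__ == "__main__":
    # Constructed user entry; "accountLockFlag" is a hypothetical attribute.
    user = {"uid": "alice", "accountLockFlag": "Unlocked",
            "lastLogin": "20240115103000Z"}
    last = parse_last_login(user["lastLogin"], "universalTime")
    print(last.isoformat(), format_last_login(last, "millisSinceEpoch"))
    print("locked with keyword:", account_locked(user, "accountLockFlag", "unlocked"))
    print("locked without keyword:", account_locked(user, "accountLockFlag", None))
```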