Extending the User Store with imUserAux Object Class

In order to add attributes to the Out of the Box Environment beyond the included business and custom attributes, you can use the imUserAux Object Class.
Do not change the im.dxg or im_user.dxc file, as changes in those files may be overwritten when the software gets updated. Modify only the im_user_aux.dxc file.
Backup CA Identity Manager User Store Data
On the main user store directory server, as a "dsa" user, back up the user store using the dxdumpdb tool.
su - dsa
dxserver stop UserStore_userstore-01
dxdumpdb -f UserStore.ldif UserStore_userstore-01
dxserver start UserStore_userstore-01
This generates a UserStore.ldif backup of the user store.
Backup CA Identity Manager User Store XML
Export the user store XML from the CA Identity Manager Management Console.
Extend CA Directory Schema
As a "dsa" user, update the im_user_aux.dxc file in ~dsa/config/schema, and add the attributes and name binding information.
# IM Unified User (UU) Auxiliary Schema
schema set oid-prefix im-UUA-attr = (1.3.6.1.4.1.791.2.3.5.3.6485.1);
schema set oid-prefix im-UUA-oc = (1.3.6.1.4.1.791.2.3.5.3.6485.2);
schema set oid-prefix im-UUA-nb = (1.3.6.1.4.1.791.2.3.5.3.6485.3);

# IM Unified User Aux Schema (UUA): Attribute Type Definitions
schema set attribute im-UUA-attr:1={
    name = auxAttrOne
    ldap-names = auxAttrOne
    equality = caseIgnoreMatch
    syntax = directoryString
    single-valued
};
schema set attribute im-UUA-attr:2={
    name = auxAttrTwo
    ldap-names = auxAttrTwo
    equality = caseIgnoreMatch
    syntax = directoryString
};
schema set object-class im-UUA-oc:1 = {
    name = imUserAux
    kind = auxiliary
    may-contain auxAttrOne, auxAttrTwo
};

# Name Bindings.
schema set name-binding im-UUA-nb:1 = {
    name = imUserAux-o
    imUser allowable-parent organization
    named-by commonName optional surname, dnQualifier
};
schema set name-binding im-UUA-nb:2 = {
    name = imUserAux-ou
    imUser allowable-parent organizationalUnit
    named-by commonName optional surname, dnQualifier
};
schema set name-binding im-UUA-nb:3 = {
    name = imUser2Aux-o
    imUser allowable-parent organization
    named-by cosineUserid
};
schema set name-binding im-UUA-nb:4 = {
    name = imUser2Aux-ou
    imUser allowable-parent organizationalUnit
    named-by cosineUserid
};
 
Notes:
 
  • Attributes can be named freely as long as they do not conflict with imUser or X500 schema names.
  • The object class must be named imUserAux.
  • Schema files must be updated on any host that runs a user store or CA Identity Manager service.
  • After the update, all user-store and router DSAs need to be reinitialized (using “dxserver init”).
Update objectClass Attributes for Users in CA Identity Manager User Store Data
Use an LDAP management tool or update the backed-up UserStore.ldif file to change the objectClass of all managed users to “imUserAux,ImUser,Top”.
Ensure that dsaadmin includes these objectClasses as well.
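One way to make this change in the backed-up LDIF file, as an added example that is not part of the product or its documentation: the script adds the imUserAux objectClass to every entry that already carries imUser and reports which DNs were changed, so the result can be reviewed before it is loaded. It assumes the dxdumpdb output is standard LDIF; the function names and the sample entries are constructed for illustration.

```python
import base64
import re

def _values(logical_lines, attr):
    """Values of `attr` (case-insensitive name) in one unfolded LDIF entry."""
    found = []
    for line in logical_lines:
        name, sep, rest = line.partition(":")
        if sep and name.lower() == attr:
            b64 = rest.startswith(":")  # "attr:: <base64 value>"
            val = rest[1:].strip() if b64 else rest.strip()
            found.append(base64.b64decode(val).decode("utf-8") if b64 else val)
    return found

def add_aux_class(ldif_text, base="imUser", aux="imUserAux"):
    """Add `aux` to every entry that has `base`; return (new_ldif, changed_dns)."""
    changed, blocks = [], []
    for block in re.split(r"\n{2,}", ldif_text.replace("\r\n", "\n").strip("\n")):
        raw, logical = block.split("\n"), []
        for line in raw:  # unfold continuation lines (they start with one space)
            if line.startswith(" ") and logical:
                logical[-1] += line[1:]
            else:
                logical.append(line)
        # objectClass values compare case-insensitively in LDAP
        classes = [c.lower() for c in _values(logical, "objectclass")]
        if base.lower() in classes and aux.lower() not in classes:
            # insert after the last objectClass line, past any folded continuation
            at = max(i for i, l in enumerate(raw) if l.lower().startswith("objectclass:"))
            while at + 1 < len(raw) and raw[at + 1].startswith(" "):
                at += 1
            raw.insert(at + 1, f"objectClass: {aux}")
            changed.append(_values(logical, "dn")[0])
        blocks.append("\n".join(raw))
    return "\n\n".join(blocks) + "\n", changed

# Constructed sample entries (illustrative DNs, not taken from a real user store).
SAMPLE = """dn: cn=Jane Doe,ou=people,o=example
objectClass: top
objectClass: imUser
cn: Jane Doe

dn: cn=dsaadmin,ou=people,o=example
objectClass: imUserAux
objectClass: imUser
"""

if __name__ == "__main__":
    print(add_aux_class(SAMPLE)[0])
```

Entries that already list imUserAux are left untouched, so running the script twice on the same file produces no further changes.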
Restore CA Identity Manager User Store Data
If data was updated directly using an LDAP management tool, this step can be skipped.
If not, restore the updated data using the dxloaddb tool.
su - dsa
dxserver stop UserStore_userstore-01
dxloaddb UserStore_userstore-01 UserStore.ldif
dxserver start UserStore_userstore-01
If there are multiple user store servers, follow the Transaction Log and Data Recovery instructions in the CA Directory documentation, using dxloaddb to recover the data instead of the db.z files.
Update CA Identity Manager User Store XML
  • Update the User Managed object to include the imUserAux objectClass.
    <ImsManagedObject name="User" description="My Users" objectclass="top,imUser,imUserAux" pagesize="0" maxrows="0" objecttype="USER"/>
  • Add any additional custom attributes to the User Managed object.
    <ImsManagedObjectAttr physicalname="attName" description="Description" displayname="Attribute Name" valuetype="String" wellknown="%ATT_NAME%" maxlength="0"/>
  • Load the updated user store XML to CA Identity Manager Management Console.
  • Restart the Identity Management Environment.