Directory Attributes Overview

Some features require read or write access to seven attributes. The attribute values are in the user directories that are connected to the Policy Server. You map the directory user attributes to attributes in the User Attributes section. You can also use attribute mapping to define your own common names. You can map each name to user attribute names in multiple user directories.
sm1252sp1
Some features require read or write access to seven
CA Single Sign-On
attributes. The attribute values are in the user directories that are connected to the Policy Server. You map the directory user attributes to
CA Single Sign-On
attributes in the User Attributes section. You can also use attribute mapping to define your own common names. You can map each name to user attribute names in multiple user directories.
Each
CA Single Sign-On
attribute is associated with a data type and one or more directory types that are described in the following table. (R) indicates that the attribute requires read access. (RW) indicates that the attribute requires read/write access.
Attribute Name
Data Type
Directory Types
Description
Universal ID (R)
string
LDAP
Database
WinNT
Specifies the universal ID or user identifier that
CA Single Sign-On
passes to protected applications to maintain a user’s identity. This feature is a bridge between
CA Single Sign-On
and legacy applications, which often use attributes to identify a user.
The universal ID is also used in configuring Directory mapping.
Disabled Flag (RW)
string
LDAP
Database
Specifies the user’s account status.
Password Attribute (RW)
binary
LDAP
Database
Specifies the user’s password.
Password Data (RW)
binary
LDAP
Database
Is used to track password policy information.
Anonymous ID (RW)
string
LDAP
Database
Stores the DN of users who are authenticated using an anonymous authentication scheme.
Email (R)
string
LDAP
Database
This attribute is not currently used by a
CA Single Sign-On
feature.
Challenge/Response (RW)
string
LDAP
Specifies the question and answer pair that is used by the Forgotten Password feature in Password Services and DMS. The Challenge string is the password hint that is passed to the user.
You can specify the administrator credentials that the Policy Server uses to access the directory. These credentials have the same read and write access as the corresponding user attributes in the table.