User Attributes in Classic RFC 2307 Zones
There are two object classes for the user extension object created in the Users
subcontainer of the zone: the serviceConnectionPoint object class and the
posixAccount object class.
| User attribute | Stored in Active Directory attribute |
|---|---|
UnixName
|
cn:userlogin and uid:userlogin For example: uid:cain |
UserVersion
|
displayName:UserVersion This attribute determines compatibility between a user profile object and the Access Manager console. The only valid value for this attribute is \$CimsUserVersion3. For example: displayName:\$CimsUserVersion3 |
Uid
|
uidNumber:value For example: uidNumber:458 |
Gid
|
gidNumber:value For example: gidNumber:458 |
Home
|
unixHomeDirectory:value For example: unixHomeDirectory:/home/shea |
Shell
|
loginShell:value For example: loginShell:/bin/bash |
ParentLink
|
managedBy:DN_ActiveDirectoryUser If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory user object. For example: managedBy:cn=ben’lau,cn=users,dc=ice,dc=net If the zone does not need to be compatible with older versions of Server Suite software, you can use the keywords attribute and parentLink pseudo-attribute to specify the security identifier (SID) of the parent Active Directory user object. For example: keywords:parentLink:S-n-n-nn-nnn.. |
UnixEnabled
|
keywords:unix_enabled:value For example: keywords:unix_enabled:True |
ForeignForest
|
keywords:foreign:value This attribute indicates whether a user in a zone is from an external forest. For example: keywords:foreign:False |
The attribute name unixHomeDirectory is not RFC 2307compliant.
Microsoft used this name because the attribute homeDirectory was already used in
Active Directory.
