Handling attributes

You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, in the Manage the system (PSA) module. To do this, select Novell NDS from the Manage the system > Resources > Account attributes > Target system type menu.

This section describes the attributes that Bravura Security Fabric uses to compose values, set flags, or control behavior on NDS. For information about the native NDS attributes managed by Bravura Security Fabric, consult your NDS documentation.

_homedir_option: The _homedir_option pseudo-attribute controls how Bravura Security Fabric handles a home directory when the owner’s account is deleted. You can set the value of _homedir_option to either:

  • delete – delete the home directory (default)

  • nodelete – do not delete the home directory

    You can override the configured action/value for the _homedir_option pseudo-attribute only at the target system and target system type levels. Overriding this attribute at the template level has no effect.

_sup_homedir_option: This attribute is currently not used.

home directory: If the template account has files in the home directory, they are not copied.

used by: The used by attribute in NDS is ignored, as it is not applied in general cases.

Allowing users to specify the container DN

You can configure Bravura Security Fabric to use a profile/request attribute to prompt users for the destination container when creating or moving accounts on a target system that supports contexts.

When the Profile/request attribute to use as the container DN option is configured on the Target system information page, users can:

  • Set the destination container when creating new accounts.

    Users do this by setting the profile/request attribute value in the request form. By default, Bravura Security Fabric creates new accounts in the same container as the template. Without the profile/request attribute, you may need to set up identical templates for each container.

    If enabled when setting the target system address, Bravura Security Fabric can also create a container if a non-existing one is specified.

  • Move existing accounts on the target system to a different container.

    Users do this by setting the To container value – which is actually the profile/request attribute, but with a different name – on the move accounts page. Bravura Security Fabric only displays the move operation (the Move button) for users with accounts that can be moved between containers.

To allow users to select a container for a create account or move context operation:

  1. Add a profile attribute to provide a place to prompt the user for this information. To learn how to do this, see Profile and request attributes.

    It is recommended that you configure the profile attribute to have a set of restricted values, so that the requester or product administrator can select from a drop-down list.

  2. Ensure that you set read/write permissions for the profile attribute.

    To learn how to do this, see Attribute groups.

  3. Provide a group of users the "Move user from one context to another" rule.

    To learn how to do this, see Access to user profiles.

  4. Update the Target system information page by typing the name of the profile attribute in the Profile/request attribute to use as the container DN field.

    This allows Bravura Security Fabric to use the profile attribute for this purpose.
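The recommendation in step 1 to restrict the attribute to a set of values matters most when container creation is enabled, because a free-text value then decides where accounts land. The following is an added example, not part of the Bravura documentation or product: a stand-alone check that normalizes a requested container DN and compares it to an approved list. The function names, the allow-list and the set of container naming types are assumptions made for illustration.

```python
import re

# Constructed allow-list (assumption); names reuse the example tree on this page.
ALLOWED_CONTAINERS = ["OU=People.O=Mercury", "OU=Accounting.O=Mercury"]
# Naming types accepted for container objects (assumption; adjust to your tree).
CONTAINER_TYPES = {"OU", "O", "C", "L", "DC"}


def normalize_container(dn):
    """Return a canonical tuple of (TYPE, value) pairs, or raise ValueError."""
    # Accept '.' (NDS typed name) or ',' between components, unless escaped.
    parts = re.split(r"(?<!\\)[.,]", dn.strip())
    canon = []
    for part in parts:
        typ, sep, value = part.partition("=")
        typ = typ.strip().upper()
        value = " ".join(value.split()).lower()  # collapse spaces, fold case
        if not sep or typ not in CONTAINER_TYPES or not value:
            raise ValueError(f"malformed component: {part.strip()!r}")
        canon.append((typ, value))
    return tuple(canon)


def check_container(requested, allowed=ALLOWED_CONTAINERS):
    """Return (True, approved DN) or (False, reason) for a requested container."""
    approved = {normalize_container(a): a for a in allowed}
    try:
        canon = normalize_container(requested)
    except ValueError as exc:
        return False, str(exc)
    if canon not in approved:
        return False, "container not on the approved list"
    return True, approved[canon]


if __name__ == "__main__":
    # Constructed request values, not taken from a real system.
    for value in ["ou=accounting, o=Mercury",      # same container, other spelling
                  "OU=Move Users.O=Mercury",       # well-formed but not approved
                  "OU=People.0=Mercury",           # digit zero instead of O
                  "CN=admin.OU=People.O=Mercury"]: # a leaf object, not a container
        print(f"{value!r:35} -> {check_container(value)}")
```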

Creating Novell eDirectory alias accounts

Bravura Identity can create an NDS alias account when creating a new user. Aliases are used, for example, so that users don’t have to know what context they belong to when they log in.

Bravura Identity creates alias-type objects using two pseudo-attributes:

_aliasfirstpart: The alias login name. If this attribute is not set, the login ID of the created account is used as the alias login name.

_aliascontainer: The container context of the alias account.

For example, if a template account is

CN=sample.OU=People.O=Mercury

then _aliascontainer is set to

OU=Accounting.O=Mercury,

and:

  • _aliasfirstpart is alias4 and the requested profile ID is name1, then Bravura Identity creates:

    • User: CN=name1.OU=People,O=Mercury

    • Alias: CN=alias4.OU=Accounting,O=Mercury

  • _aliasfirstpart is not set and the requested profile ID is name1, then Bravura Identity creates:

    • User: CN=name1.OU=People,O=Mercury

    • Alias: CN=name1.OU=Move Users,O=Mercury

You must map profile attributes to set these pseudo-attributes. This is done in a similar way to the procedure described in Allowing users to specify the container DN.