User attributes in classic Centrify zones

A user extension object is a serviceConnectionPoint object that is created in the Users sub-container of the zone. The pseudo‑attributes for this object are stored in the keywords attribute.

User attribute Stored in Active Directory attribute

UnixName

cn:userlogin

For SCP objects, the Name attribute is a logical pointer that is the same as the CN attribute. You can use either attribute to store the user’s UNIX login name.

For example:

cn:cain

UserVersion

displayName:UserVersion

This attribute determines compatibility between a user profile object and the Access Manager console. The only valid value for this attribute is $CimsUserVersion2.

For example:

displayName:$CimsUserVersion2

ParentLink

managedBy:DN_ActiveDirectoryUser

You can use the managedBy or keywords attribute to store the parentLink. If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory user object.

For example:

managedBy:cn=ben.lau,cn=users,dc=ice,dc=net

If the zone does not need to be compatible with older versions of Centrify software, you can use the keywords attribute and parentLink pseudo-attribute to specify the security identifier (SID) of the parent Active Directory user object.

For example:

keywords:parentLink:S-n-n-nn-nnn..

Uid

keywords:uid:value

For example:

keywords:uid:458

Gid

keywords:gid:value

For example:

keywords:gid:458

Home

keywords:home:value

For example:

keywords:home:/home/shea

Shell

keywords:shell:value

For example:

keywords:shell:/bin/bash

UnixEnabled

keywords:unix_enabled:value

For example:

keywords:unix_enabled:False

ForeignForest

keywords:foreign:value

This attribute indicates whether a user in a zone is from an external forest.

For example:

keywords:foreign:False

AppEnabled

This attribute is no longer used.