User attributes in classic Centrify zones
A user extension object is a serviceConnectionPoint object that is created in the Users sub-container of the zone. The pseudo‑attributes for this object are stored in the keywords attribute.
User attribute | Stored in Active Directory attribute |
UnixName |
cn:userlogin For SCP objects, the Name attribute is a logical pointer that is the same as the CN attribute. You can use either attribute to store the user’s UNIX login name. For example: cn:cain |
UserVersion |
displayName:UserVersion This attribute determines compatibility between a user profile object and the Access Manager console. The only valid value for this attribute is $CimsUserVersion2. For example: displayName:$CimsUserVersion2 |
ParentLink |
managedBy:DN_ActiveDirectoryUser You can use the managedBy or keywords attribute to store the parentLink. If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory user object. For example: managedBy:cn=ben.lau,cn=users,dc=ice,dc=net If the zone does not need to be compatible with older versions of Centrify software, you can use the keywords attribute and parentLink pseudo-attribute to specify the security identifier (SID) of the parent Active Directory user object. For example: keywords:parentLink:S-n-n-nn-nnn.. |
Uid |
keywords:uid:value For example: keywords:uid:458 |
Gid |
keywords:gid:value For example: keywords:gid:458 |
Home |
keywords:home:value For example: keywords:home:/home/shea |
Shell |
keywords:shell:value For example: keywords:shell:/bin/bash |
UnixEnabled |
keywords:unix_enabled:value For example: keywords:unix_enabled:False |
ForeignForest |
keywords:foreign:value This attribute indicates whether a user in a zone is from an external forest. For example: keywords:foreign:False |
AppEnabled |
This attribute is no longer used. |