User attributes in classic RFC 2307 zones
There are two object classes for the user extension object created in the Users sub‑container of the zone: the serviceConnectionPoint object class and the posixAccount object class.
| User attribute | Stored in Active Directory attribute |
|---|---|
| UnixName | cn:userlogin and uid:userlogin. For example: uid:cain |
| UserVersion | displayName:UserVersion. This attribute determines compatibility between a user profile object and the Access Manager console. The only valid value for this attribute is $CimsUserVersion3. For example: displayName:$CimsUserVersion3 |
| Uid | uidNumber:value. For example: uidNumber:458 |
| Gid | gidNumber:value. For example: gidNumber:458 |
| Home | unixHomeDirectory:value. For example: unixHomeDirectory:/home/shea |
| Shell | loginShell:value. For example: loginShell:/bin/bash |
| ParentLink | managedBy:DN_ActiveDirectoryUser. If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory user object. For example: managedBy:cn=ben’lau,cn=users,dc=ice,dc=net. If the zone does not need to be compatible with older versions of Centrify software, you can use the keywords attribute and parentLink pseudo-attribute to specify the security identifier (SID) of the parent Active Directory user object. For example: keywords:parentLink:S-n-n-nn-nnn.. |
| UnixEnabled | keywords:unix_enabled:value. For example: keywords:unix_enabled:True |
| ForeignForest | keywords:foreign:value. This attribute indicates whether a user in a zone is from an external forest. For example: keywords:foreign:False |
Note: The attribute name unixHomeDirectory is not RFC 2307‑compliant. Microsoft used this name because the attribute homeDirectory was already used in Active Directory.
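The following added example (not Centrify code) shows how the attributes in the table map back to a UNIX profile and which inconsistencies an audit of extension objects can flag. It assumes the object has already been read into an LDAP-style dictionary of attribute name to list of string values; the function names, the case-insensitive reading of True/False, and the sample SID are assumptions made for illustration.

```python
# Added example, not Centrify code; input dict and sample SID are constructed.
VALID_USER_VERSION = "$CimsUserVersion3"  # the only valid value per the table

def parse_keywords(values):
    """Turn multi-valued keywords entries of the form name:value into a dict."""
    parsed = {}
    for entry in values:
        name, sep, value = entry.partition(":")
        if sep:
            parsed[name] = value
    return parsed

def read_profile(attrs):
    """Map extension-object attributes (name -> list of strings) to a profile."""
    def first(name):
        return (attrs.get(name) or [None])[0]
    def number(name):
        raw = first(name)
        return int(raw) if raw is not None and raw.isdigit() else None
    def flag(raw):  # assumption: case-insensitive "True" means enabled
        return raw is not None and raw.strip().lower() == "true"
    kw = parse_keywords(attrs.get("keywords", []))
    profile = {
        "UnixName": first("uid"), "UserVersion": first("displayName"),
        "Uid": number("uidNumber"), "Gid": number("gidNumber"),
        "Home": first("unixHomeDirectory"), "Shell": first("loginShell"),
        # managedBy (DN) for 2.x/3.x compatible zones, else keywords parentLink (SID)
        "ParentLink": first("managedBy") or kw.get("parentLink"),
        "UnixEnabled": flag(kw.get("unix_enabled")),
        "ForeignForest": flag(kw.get("foreign")),
    }
    problems = []
    if profile["UserVersion"] != VALID_USER_VERSION:
        problems.append("displayName is not " + VALID_USER_VERSION)
    if first("cn") != profile["UnixName"]:
        problems.append("cn and uid do not match")
    if profile["Uid"] is None or profile["Gid"] is None:
        problems.append("uidNumber or gidNumber missing or not numeric")
    if not profile["ParentLink"]:
        problems.append("no managedBy DN or parentLink SID")
    return profile, problems

SAMPLE = {  # constructed record using the example values from the table
    "cn": ["cain"], "uid": ["cain"], "displayName": ["$CimsUserVersion3"],
    "uidNumber": ["458"], "gidNumber": ["458"],
    "unixHomeDirectory": ["/home/shea"], "loginShell": ["/bin/bash"],
    "keywords": ["parentLink:S-1-5-21-1111111111-2222222222-3333333333-1104",
                 "unix_enabled:True", "foreign:False"],
}
```

Calling read_profile(SAMPLE) returns the profile and an empty problem list; a profile with no parent link or an unexpected displayName is worth reviewing because it cannot be tied back to an Active Directory user object.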