Setting the IdentityType directive

You should note that the IdentityType for the REMOTE_USER must be set for the authenticated user or the authentication will not succeed. In addition, the Centrify agent does not retrieve all Active Directory attributes, by default. If you specify an attribute that is not retrieved and cached by agent, authentication will fail. To guarantee that an attribute is retrieved by the agent, you can add it to the centrifydc.conf configuration file with the adclient.custom.attribute.user parameter.

For example, to specify mail as an attribute to cache, edit the configuration file and add the following line:

adclient.custom.attributes.user: mail

After editing the file, restart the adclient process and flush the cache with the following command:

/usr/share/centrifydc/bin/centrifydc restart -F