LDAP attributes are available for all policies. LDAP attribute names can be created on the Custom Attributes page or in the associated policy that consumes them. The attribute names that you specify must match the name of an attribute of the user class in your LDAP user store.
Click Devices > Identity Servers > Shared Settings > Custom Attributes.
This list contains the attributes for the inetOrgPerson class. It is customizable.
audio: Uses a u-law encoded sound file that is stored in the directory.
businessCategory: Describes the kind of business performed by an organization.
carLicense: Vehicle license or registration plate.
cn: The X.500 commonName attribute, which contains a name of an object. If the object corresponds to a person, it is typically the person’s full name.
departmentNumber: Identifies a department within an organization.
displayName: The preferred name of a person to be used when displaying entries. When displaying an entry, especially within a one-line summary list, it is useful to use this value. Because other attribute types such as cn are multivalued, an additional attribute type is needed.
employeeNumber: Numerically identifies a person within an organization.
employeeType: Identifies the type of employee.
givenName: Identifies the person’s name that is not his or her surname or middle name.
homePhone: Identifies a person by home phone.
homePostalAddress: Identifies a person by home address.
initials: Identifies a person by his or her initials. This attribute contains the initials of an individual, but not the surname.
jpegPhoto: Stores one or more images of a person, in JPEG format.
labeledURI: Uniform Resource Identifier with an optional label. The label describes the resource to which the URI points.
mail: A user’s e-mail address.
manager: Identifies a person as a manager.
mobile: Specifies a mobile telephone number associated with a person.
o: The name of an organization.
pager: The pager telephone number for an object.
photo: Specifies a photograph for an object.
preferredLanguage: Indicates an individual’s preferred written or spoken language.
roomNumber: The room number of an object.
secretary: Specifies the secretary of a person.
sn: The X.500 surname attribute, which contains the family name of a person.
uid: User ID.
userCertificate: An attribute stored and requested in the binary form.
userPKCS12: A format to exchange personal identity information. Use this attribute when information is stored in a directory service.
userSMIMECertificate: PKCS#7 SignedData used to support S/MIME. This value indicates that the content that is signed is ignored by consumers of userSMIMECertificate values.
x500uniqueIdentifier: Distinguishes between objects when a distinguished name has been reused. This is a different attribute type from both the uid and the uniqueIdentifier type.
Add a name:
Click New.
If you want the attribute to return raw data instead of binary data, select 64-bit Encode Attribute Data.
Click OK.
To modify the 64-bit attribute data encoding, select an attribute, and click one of the following options:
Set Encode: Specifies that LDAP returns a raw format of the attribute rather than binary format. Access Manager encodes to base64, so that the protected resource understands the attribute. Use the base64 encoding if certificates require raw bites rather than the binary string format.
Clear Encode: Deletes the 64-bit data encoding setting.
Click Apply.
Click the Servers tab to return to the Servers page.