LDAP Attributes

There are two attributes of the LDAP microfocus-MFDS-User class which control access to passtokens:

microfocus-MFDS-User-CreateToken
This controls the user's ability to create passtokens. It can have the following values:
  • self: The user can create normal passtokens (good only for that user).
  • any: The user can create surrogate passtokens for other users.
  • Any other value (and the default): The user cannot create passtokens.
microfocus-MFDS-User-UseToken
This allows a user to be signed on using a passtoken. It can have the following values:
  • self: The user can be signed in with a normal passtoken, but not a surrogate passtoken.
  • any: The user can be signed in with a normal or surrogate passtoken.
  • Any other value (and the default): The user cannot be signed in using a passtoken.