Documentation for Access Rights Manager

Load additional LDAP attributes

This chapter describes how to load additional Active Directory LDAP attributes into ARM that are not loaded by default.


In the ARM configuration application, under Change Configuration > Active Directory, you can see all user, group and computer attributes that are already loaded.


To add further attributes, edit the pnServer.config.xml configuration file. The file is located under:




The following example loads the additional attributes employeetype and wWWHomePage:



<PropertiesToLoad type="System.String">employeetype;wWWHomePage</PropertiesToLoad>



<AliasDisplayName type="System.String">Job Category</AliasDisplayName>



<AliasDisplayName type="System.String">Website</AliasDisplayName>






It is also possible to load attributes of type boolean:



<PropertiesToLoad type="System.String">msExchHideFromAddressLists</PropertiesToLoad>




<AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>

<DefinedValues type="System.String">FALSE;TRUE</DefinedValues>

<IsChangeable type="System.String">true</IsChangeable>

<CreationRule type="System.String">FALSE</CreationRule>







Identify the correct attribute names with the help of the Active Directory Users and Computers console.
Enable "Advanced Features".


Under the tab "Attribute Editor" you will find the attribute names that must be used.
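
A scripted cross-check of the attribute names, as an added example that is not part of the ARM documentation: it looks up each name from a PropertiesToLoad value in the Active Directory schema and reports its syntax, so a misspelled name or a non-boolean attribute is caught before pnServer.config.xml is edited. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the schema partition; the variable names are illustrative.

```powershell
# Added example, not SolarWinds code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Same semicolon-separated form as the PropertiesToLoad value on this page.
# msExchHideFromAddressLists exists only in a schema extended for Exchange.
$propertiesToLoad = 'employeetype;wWWHomePage;msExchHideFromAddressLists'

# attributeSyntax OIDs for the two syntaxes that occur in the page's examples.
$syntaxNames = @{ '2.5.5.8' = 'Boolean'; '2.5.5.12' = 'Unicode string' }

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$names = $propertiesToLoad -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($name in $names) {
    $row = [ordered]@{ Requested = $name; InSchema = $false; LdapDisplayName = $null; Syntax = $null; SingleValued = $null }

    # Only letters, digits and hyphens are valid; this also keeps the LDAP filter below well-formed.
    if ($name -match '^[A-Za-z][A-Za-z0-9-]*$') {
        $attr = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
            -Properties lDAPDisplayName, attributeSyntax, isSingleValued
        if ($attr) {
            $oid = [string]$attr.attributeSyntax
            $row.InSchema = $true
            $row.LdapDisplayName = $attr.lDAPDisplayName   # exact spelling as stored in the schema
            $row.Syntax = if ($syntaxNames.ContainsKey($oid)) { $syntaxNames[$oid] } else { $oid }
            $row.SingleValued = $attr.isSingleValued
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Names the schema does not define; check these again in the Attribute Editor.
$report | Where-Object { -not $_.InSchema } | ForEach-Object { Write-Warning "Not in schema: $($_.Requested)" }
```

An attribute intended for the boolean configuration shown above should report the syntax Boolean.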


After saving the changes to the pnServer.config.xml file, restart the ARM service. The next AD scan will include the additional attributes.


To use the additionally loaded attributes, they must be set as available. For the ARM application, this is done in the AD Change configuration by setting the checkboxes there.

How to make the attributes available in the web client is described in the following chapter: Set attributes available to web client scenarios.