Documentation for Access Rights Manager

Load additional LDAP attributes

This chapter details integrating additional Active Directory LDAP attributes into ARM that are not loaded by default.

 

In the Access Rights Manager configuration application, under Change Configuration > Active Directory, you will find all the attributes for users, groups and computers that are already loaded.

 

To add further attributes, the pnServer.config.xml configuration file has to be edited. The file is located under:

%ProgramData%\protected-networks.com\8MAN\cfg

 

Examples

The following example loads the additional attributes employeetype and wWWHomePage:

<changeConfiguration>
  <activeDirectory>
    <PropertiesToLoad type="System.String">employeetype;wWWHomePage</PropertiesToLoad>
    <PropertiesDetails>
      <employeetype>
        <AliasDisplayName type="System.String">Job Category</AliasDisplayName>
      </employeetype>
      <wWWHomePage>
        <AliasDisplayName type="System.String">Website</AliasDisplayName>
      </wWWHomePage>
    </PropertiesDetails>
  </activeDirectory>
</changeConfiguration>

 

It is also possible to load attributes of type boolean:

<changeConfiguration>
  <activeDirectory>
    <PropertiesToLoad type="System.String">msExchHideFromAddressLists</PropertiesToLoad>
    <PropertiesDetails>
      <msExchHideFromAddressLists>
        <TypeInfo>System.Boolean</TypeInfo>
        <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
        <DefinedValues type="System.String">FALSE;TRUE</DefinedValues>
        <IsChangeable type="System.String">true</IsChangeable>
        <CreationRule type="System.String">FALSE</CreationRule>
      </msExchHideFromAddressLists>
    </PropertiesDetails>
  </activeDirectory>
</changeConfiguration>

 

Screenshots property of © 2020 Microsoft.

Identify the correct attribute names with the help of the Active Directory Users and Computers console.
Enable "Advanced Features".

 

Under the tab "Attribute Editor" you will find the attribute names that must be used.

 

After saving the changes to the pnServer.config.xml file, the Access Rights Manager service must be restarted. The next AD scan will include the additional attributes.
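
A check to run after editing the file and before restarting the service, as an added example that is not part of the vendor documentation: it confirms that the file still parses as XML and that every name in PropertiesToLoad exists in the AD schema. It assumes the RSAT ActiveDirectory PowerShell module and that the block sits below the file's root element as in the examples above; the Boolean syntax pairing and the PropertiesToLoad/PropertiesDetails cross-check are assumptions about what ARM expects.

```powershell
# Added example (not vendor code). Needs the RSAT ActiveDirectory module and read access to the schema.
Import-Module ActiveDirectory

# Directory as given on this page.
$configPath = Join-Path $env:ProgramData 'protected-networks.com\8MAN\cfg\pnServer.config.xml'

# The [xml] cast throws on malformed XML, so a broken edit is caught before the restart.
[xml]$config = Get-Content -LiteralPath $configPath -Raw

# Assumption: the block from the examples sits somewhere below the file's root element.
$ad = $config.SelectSingleNode('//changeConfiguration/activeDirectory')
if (-not $ad) { throw "No changeConfiguration/activeDirectory block found in $configPath" }

# Split the semicolon-separated list and drop empty entries.
$listNode = $ad.SelectSingleNode('PropertiesToLoad')
$toLoad = @()
if ($listNode) {
    $toLoad = @($listNode.InnerText -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$problems = 0

foreach ($name in $toLoad) {
    # Accept only LDAP attribute-name characters, so the value is safe inside a filter and an XPath.
    if ($name -notmatch '^[A-Za-z][A-Za-z0-9-]*$') {
        Write-Warning "'$name' is not a valid LDAP attribute name"; $problems++; continue
    }
    # lDAPDisplayName is the name shown in the Attribute Editor tab; LDAP matching ignores case.
    $attr = Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName, attributeSyntax -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
    if (-not $attr) {
        Write-Warning "'$name' is not in the AD schema (check the spelling in the Attribute Editor)"; $problems++; continue
    }
    # Assumption: TypeInfo System.Boolean should pair with Boolean attribute syntax (OID 2.5.5.8).
    $typeInfo = $ad.SelectSingleNode("PropertiesDetails/$name/TypeInfo")
    if ($typeInfo -and $typeInfo.InnerText.Trim() -eq 'System.Boolean' -and $attr.attributeSyntax -ne '2.5.5.8') {
        Write-Warning "'$name' is declared System.Boolean but has schema syntax $($attr.attributeSyntax)"; $problems++
    }
    [pscustomobject]@{ Configured = $name; SchemaName = $attr.lDAPDisplayName; Syntax = $attr.attributeSyntax }
}

# Flag PropertiesDetails entries whose attribute is not listed in PropertiesToLoad (-notcontains ignores case).
foreach ($detail in $ad.SelectNodes('PropertiesDetails/*')) {
    if ($toLoad -notcontains $detail.Name) {
        Write-Warning "PropertiesDetails/<$($detail.Name)> has no entry in PropertiesToLoad"; $problems++
    }
}

if ($problems) { Write-Warning "$problems problem(s) found; fix them before restarting the service." } else { 'Configuration checks passed.' }
```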

 

To use the additionally loaded attributes, they must first be set as available. For the ARM application, this is done in the AD Change configuration by setting the checkboxes there.

How to set the attributes available in the Web client is described in the following chapter: Set attributes available to web client scenarios.