Customize AD attributes properties
You can define properties details to AD attributes to standardize and simplify the process of creating new AD objects.
Values entered using customized templates are not subject to the restrictions defined in this section.
Available properties
The following table lists the available properties you can use to define properties details to AD attributes.
| Property | Description |
|---|---|
| AliasDisplayName | Sets an alternate display name for the use in ARM. |
| AllowOnlyDefinedValues |
Only predefined values can be selected. Use this value together with DefinedValues. |
| DefinedValues |
The predefined values for the attribute, separated by semicolons. The values are available in ARM as a drop down list. Use this value together with AllowOnlyDefinedValues. |
| CreationRule | Defines a creation rule for the attribute. |
| ValidationRule |
Regular expression for checking the entered value. Use this value together with ValidationInformation. |
| The input is mandatory. | |
| IsHidden | The Attribute is hidden in all ARM views and reports. |
| IsChangeable |
If set to false, the value can not be modified within ARM. This value is not valid for creating objects. Also see IsInitialConfigurable. |
| IsInitialConfigurable |
If set to true, the value can be modified during creating objects. Also see IsChangeable. |
| SortIndex | Allows you to define the display order of the properties in the Account view, Creation overlay, and Edit overlay using an integer value. The smaller the value, the higher the attribute is placed. |
| IsObjectSearchable | If set to true, the attribute is included in the ARM search for AD objects. |
AliasDisplayName
Sets an alternate display name for the use in ARM.
Example
<l>
<AliasDisplayName type="System.String">City</AliasDisplayName>
</l>AllowOnlyDefinedValues
Only predefined values can be selected. Use this value together with DefinedValues.
Example
<postalCode>
<AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
<DefinedValues type="System.String">12345;67890</DefinedValues>
</postalCode>DefinedValues
The predefined values for the attribute, separated by semicolons. The values are available in ARM as a drop down list. Use this value together with AllowOnlyDefinedValues.
Example
<postalCode>
<AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
<DefinedValues type="System.String">12345;67890</DefinedValues>
</postalCode>CreationRule
Defines a creation rule for the attribute.
Example
<mail>
<CreationRule type="System.String">{givenname}.{sn}@[fqdn]</CreationRule>
</mail>ValidationRule
Regular expression for checking the entered value. Use this value together with ValidationInformation.
Example
<telephoneNumber>
<ValidationRule type="System.String">^[+]\d{1,4}[ ][^0]\d{1,5}[ ]\d{1,32}[-]\d{1,8}</ValidationRule>
<ValidationInformation type="System.String">The phone number does not match the requirements.</ValidationInformation>
</telephoneNumber>ValidationInformation
Displays a help text for the validation rule. Use it together with ValidationRule.
Example
<telephoneNumber>
<ValidationRule type="System.String">^[+]\d{1,4}[ ][^0]\d{1,5}[ ]\d{1,32}[-]\d{1,8}</ValidationRule>
<ValidationInformation type="System.String">The phone number does not match the requirements.</ValidationInformation>
</telephoneNumber>IsRequired or Essential
The input is mandatory.
Example
<streetAddress>
<IsRequired type="System.String">true</IsRequired>
</streetAddress>IsHidden
The Attribute is hidden in all ARM views and reports.
Example
<streetAddress>
<IsHidden type="System.String">true</IsHidden>
</streetAddress>IsChangeable
If set to false, the value can not be modified within ARM. This value is not valid for creating objects.
Also see IsInitialConfigurable.
Example
<streetAddress>
<IsChangeable type="System.String">true</IsChangeable>
</streetAddress>IsInitialConfigurable
If set to true, the value can be modified during creating objects. Also see IsChangeable.
Example
<streetAddress>
<IsInitialConfigurable type="System.String">true</IsInitialConfigurable>
</streetAddress>SortIndex
Allows you to define the display order of the properties in the Account view, Creation overlay, and Edit overlay using an integer value. The smaller the value, the higher the attribute is placed.
Example
<streetAddress>
<SortIndex type="System.String">1500</SortIndex>
</streetAddress>Please refer to the list of default LDAP properties and sort index values below.
IsObjectSearchable
If set to true, the attribute is included in the ARM search for AD objects.
Example
<streetAddress>
<IsObjectSearchable type="System.String">true</IsObjectSearchable>
</streetAddress>LDAP attributes read by default
The following table lists the LDAP attributes and their sort index values ARM reads by default during an AD scan.
| LDAP Attribute | SortIndex Default |
|---|---|
| "accountexpires" | 1000 |
| "admincount" | 2000 |
| "cn" | 3000 |
| "comment" | 4000 |
| "company" | 5000 |
| "dc" | 6000 |
| "department" | 7000 |
| "description" | 8000 |
| "distinguishedname" | 9000 |
| "displayname" | 10000 |
| "employeeid" | 11000 |
| "employeetype" | 11500 |
| "flags" | 12000 |
| "givenname" | 13000 |
| "grouptype" | 14000 |
| "homedirectory" | 15000 |
| "homedrive" | 16000 |
| "homephone" | 17000 |
| "info" | 18000 |
| "initials" | 19000 |
| "jpegphoto" | 50000 |
| "thumbnailphoto" | 51000 |
| "lastlogon" | 20000 |
| "lastlogontimestamp" | 21000 |
| "managedby" | 21250 |
| "manager" | 21500 |
| "mail" | 22000 |
| "member" | 23000 |
| "memberof" | 24000 |
| "mobile" | 25000 |
| "name" | 26000 |
| "objectclass" | 27000 |
| "objectguid" | 28000 |
| "objectsid" | 29000 |
| "operatingsystem" | 30000 |
| "operatingsystemservicepack" | 31000 |
| "operatingsystemversion" | 32000 |
| "ou" | 33000 |
| "personaltitle" | 34000 |
| "primarygroupid" | 35000 |
| "profilepath" | 36000 |
| "proxyaddresses" | 36500 |
| "samaccountname" | 37000 |
| "samaccounttype" | 38000 |
| "scriptpath" | 39000 |
| "sidhistory" | 40000 |
| "sn" | 41000 |
| "subrefs" | 42000 |
| "systemflags" | 43000 |
| "telephonenumber" | 44000 |
| "title" | 45000 |
| "useraccountcontrol" | 46000 |
| "userprincipalname" | 47000 |
Set attributes available to web client scenarios
The Change personal information action is available in the cockpit and some Web client scenarios. ARM loads a standard set of attributes. The standard set is identical for all roles. You can adjust which attributes are available for each ARM role.
To perform this task, extend the pnserver.config.xml file located at:
%programdata%\protected-networks.com\8MAN\cfg
The changes are applied without restarting the ARM service.
Example
The line numbers are for explanation purposes only.
01 <WebClient.Cockpit.ChangeAttributes.Manager>
02 postalCode;l;physicalDeliveryOfficeName;telephoneNumber;facsimileTelephoneNumber
03 </WebClient.Cockpit.ChangeAttributes.Manager>
Line 01 and 03
Specify which role the configuration should apply to. The following roles are possible:
Access Rights Manager role
WebClient.Cockpit.ChangeAttributes.Administrator
WebClient.Cockpit.ChangeAttributes.JuniorAdministrator
WebClient.Cockpit.ChangeAttributes.DataOwner0
WebClient.Cockpit.ChangeAttributes.DataOwner1
WebClient.Cockpit.ChangeAttributes.DataOwner2
WebClient.Cockpit.ChangeAttributes.DataOwner3
WebClient.Cockpit.ChangeAttributes.DataOwner4
WebClient.Cockpit.ChangeAttributes.Read
WebClient.Cockpit.ChangeAttributes.Requester
WebClient.Cockpit.ChangeAttributes.Manager
Self Service in the cockpit: "Change my personal information"
WebClient.Cockpit.ChangeAttributes.SelfService
Line 02
The list of attributes to be available. You can only use attributes that are included in the AD scan.