Documentation for Access Rights Manager

Load additional LDAP attributes

You can integrate additional Active Directory LDAP attributes into ARM that are not loaded by default.

In the Access Rights Manager configuration application under Change Configuration > Active Directory, you can locate all the currently loaded attributes for users, groups and computers.

To add additional attributes, edit the pnServer.config.xml configuration file located at:

%ProgramData%\protected-networks.com\8MAN\cfg

Examples

The following example loads the additional attributes employeetype and wWWHomePage:

<changeConfiguration>
  <activeDirectory>
    <PropertiesToLoad type="System.String">employeetype;wWWHomePage</PropertiesToLoad>
    <PropertiesDetails>
      <employeetype>
        <AliasDisplayName type="System.String">Job Category</AliasDisplayName>
      </employeetype>
      <wWWHomePage>
        <AliasDisplayName type="System.String">Website</AliasDisplayName>
      </wWWHomePage>
    </PropertiesDetails>
  </activeDirectory>
</changeConfiguration>

You can also load boolean attribute types:

<changeConfiguration>
  <activeDirectory>
    <PropertiesToLoad type="System.String">msExchHideFromAddressLists</PropertiesToLoad>
    <PropertiesDetails>
      <msExchHideFromAddressLists>
        <TypeInfo>System.Boolean</TypeInfo>
        <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
        <DefinedValues type="System.String">FALSE;TRUE</DefinedValues>
        <IsChangeable type="System.String">true</IsChangeable>
        <CreationRule type="System.String">FALSE</CreationRule>
      </msExchHideFromAddressLists>
    </PropertiesDetails>
  </activeDirectory>
</changeConfiguration>
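A fragment like the ones above can be checked for well-formedness and internal consistency before it is saved into pnServer.config.xml. The following is an added example, not SolarWinds code: the function names and the two consistency rules (a details element without a matching PropertiesToLoad entry, and a CreationRule outside DefinedValues) are assumptions inferred from the examples on this page, not documented ARM validation, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a misspelled details element and a CreationRule outside DefinedValues.
SAMPLE = """<changeConfiguration>
  <activeDirectory>
    <PropertiesToLoad type="System.String">employeetype;msExchHideFromAddressLists</PropertiesToLoad>
    <PropertiesDetails>
      <employeType>
        <AliasDisplayName type="System.String">Job Category</AliasDisplayName>
      </employeType>
      <msExchHideFromAddressLists>
        <TypeInfo>System.Boolean</TypeInfo>
        <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
        <DefinedValues type="System.String">FALSE;TRUE</DefinedValues>
        <CreationRule type="System.String">NO</CreationRule>
      </msExchHideFromAddressLists>
    </PropertiesDetails>
  </activeDirectory>
</changeConfiguration>"""

def split_list(text):
    """Split a semicolon-separated value list, dropping empty entries."""
    return [v.strip() for v in (text or "").split(";") if v.strip()]

def check_fragment(xml_text):
    """Return a list of findings; an empty list means no issue was detected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for ad in root.iter("activeDirectory"):
        loaded = split_list(ad.findtext("PropertiesToLoad"))
        details = ad.find("PropertiesDetails")
        for node in (details if details is not None else []):
            # Assumed rule: every details element names an attribute that is loaded.
            if node.tag not in loaded:
                findings.append(f"{node.tag}: details without PropertiesToLoad entry")
            allowed = split_list(node.findtext("DefinedValues"))
            rule = (node.findtext("CreationRule") or "").strip()
            only = (node.findtext("AllowOnlyDefinedValues") or "").strip().lower()
            # Assumed rule: with AllowOnlyDefinedValues, CreationRule is a defined value.
            if only == "true" and rule and rule not in allowed:
                findings.append(f"{node.tag}: CreationRule {rule!r} not in DefinedValues")
    return findings

if __name__ == "__main__":
    for finding in check_fragment(SAMPLE):
        print(finding)
```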

Identify the correct attribute names

You can identify the correct attribute names using the Active Directory Users and Computers console in Windows.

  1. Log in to the ARM server as an administrator.

  2. Navigate to the Active Directory Users and Computers console.

  3. Select an attribute name.

  4. Click View > Advanced Features.

  5. Click the Attribute Editor tab to locate the attribute names that must be used.

  6. In the attribute editor, locate and select the names that must be used, and then click OK.

  7. After saving the pnServer.config.xml file changes, open the Services console.

  8. Right-click ARM Service and select Restart. The next AD scan will include the additional attributes.

Using the new attributes

The newly loaded attributes must be set as available in the Active Directory change configuration. See Select available LDAP attributes located in Customize the Active Directory (AD) change configuration for instructions.

See Set attributes available to web client scenarios located in Customize AD attributes properties for instructions on how to set the attributes available in the Web client.