Additional Configuration Attributes

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

Use the following attributes to configure additional features available in the connector.

Configure this attribute with a value of true if the unlock operation requires changing the user password with the existing password used to unlock the user account.

The entitlement attribute name in the account schema should always be groups. If you need to change it to some other name, make sure that the groupEntitlementAttr value from the source is updated to reflect the modified account entitlement attribute name.

For example, if the account entitlement attribute name is posixgroups, then add the following entry in the source XML using the REST APIs:

Copy 
[
  {
    “op”: “add”,
    “path”: “/connectorAttributes/groupEntitlementAttr”,
    “value”: posixgroups
  }
]

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

Configuration for Binary Type Attributes

If the attributes value in the LDAP server is stored in binary format, ensure to add the following attributes to the source configuration:

This specifies which LDAP attributes should be fetched in binary format.

Important

This is an optional attribute. If the unique account attribute (like a UUID) is binary, you must include it in this list to ensure move and rename operations work correctly.

To handle attributes for non-AD LDAP/ADAM/EDirectory servers (such as OpenLDAP or Tivoli), add the multi-valued attributesInBinaryFormat attribute to the source configuration.

  1. Update the PATCH request payload by adding the following attributes:

    [
        {
            "op": "add",
            "path": "/connectorAttributes/attributesInBinaryFormat",
            "value": [<binaryAttribute_1>, <binaryAttribute_2>, <uuid_Attribute>]
        }
    ]

  2. Perform the PATCH request to the source endpoint.

    PATCH /v3/sources/:id

This boolean attribute determines how binary attributes are converted to strings for processing. The format can be either little-endian (such as in Microsoft AD, ADAM) or big-endian (such as in Novell eDirectory).

Add the uuidInLittleEndianFormat attribute to specify the correct conversion method.

  • false : Attributes are converted to strings in big-endian format. This is a default value.

  • true: Attributes are converted to strings in little-endian format.

  1. Update the PATCH request payload by adding the following attributes:

    Copy 
    [
        {
            "op": "add",
            "path": "/connectorAttributes/uuidInLittleEndianFormat",
            "value": true
        }
    ]

  2. Perform the PATCH request to the source endpoint.

    PATCH /v3/sources/:id