Account Move/Rename Operation
To support account move and rename operations, the connector requires the Unique Account Attribute value for the specific LDAP server.
Follow the steps below, depending on the Unique Account Attribute value type:
- On the Additional Settings page, provide the Unique Account Attribute for the directory server that you are connecting to through the connector. This attribute must be unique within the given directory. Refer to the table below for common Unique Account Attribute names for known directory servers.
  The value of this attribute may be stored in a binary format rather than as a string. If so, configure this attribute with the correct data type for your specific LDAP server so that it is handled properly.
| LDAP Server | Unique Account Attribute | Attribute Value Type |
|---|---|---|
| ADAM (AD LDS) | objectGUID | Binary |
| IBM Tivoli Directory Server | ibm-entryuuid | String |
| Novell eDirectory | GUID | Binary |
| ODSEE (SunOne) | nsUniqueId | String |
| OpenLDAP | entryUUID | String |
| Oracle Internet Directory (OID) | orclGUID | Binary |
| Oracle Unified Directory (OUD) | entryUUID | String |
| 389 Directory Server | entryUUID | String |
- If the Unique Account Attribute value in the LDAP server is stored in binary format, then in addition to adding the Unique Account Attribute on the Additional Settings page, add the attributesInBinaryFormat and uuidInLittleEndianFormat attributes to the source configuration to support account move and rename operations. For more information, refer to Configuration for Binary Type Attributes.
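The sketch below is an added example, not the connector's own code. It shows why byte order matters for a binary unique ID such as objectGUID, and how an entry is matched across a move by its ID rather than its DN. The function names, sample DNs and sample bytes are constructed for illustration.

```python
import uuid


def guid_to_string(raw: bytes, little_endian: bool) -> str:
    """Render a 16-byte binary unique-ID value as a canonical UUID string."""
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    # bytes_le: first three fields are little-endian (Microsoft GUID layout,
    # as used by objectGUID). bytes: every field is big-endian.
    if little_endian:
        return str(uuid.UUID(bytes_le=raw))
    return str(uuid.UUID(bytes=raw))


def correlate(before: dict, after: dict, little_endian: bool) -> list:
    """Match entries from two directory snapshots by unique ID.

    before/after map DN -> raw 16-byte unique attribute value.
    Returns (guid, old_dn, new_dn) for every entry whose DN changed.
    """
    index = {guid_to_string(raw, little_endian): dn for dn, raw in before.items()}
    moved = []
    for new_dn, raw in after.items():
        guid = guid_to_string(raw, little_endian)
        old_dn = index.get(guid)
        if old_dn is not None and old_dn.lower() != new_dn.lower():
            moved.append((guid, old_dn, new_dn))
    return moved


# Constructed sample: one entry moved to a new OU, unique ID unchanged.
RAW = bytes.fromhex("33221100554477668899aabbccddeeff")
BEFORE = {"cn=abc,ou=sales,dc=pqr,dc=com": RAW}
AFTER = {"cn=abc,ou=xyz,dc=pqr,dc=com": RAW}

if __name__ == "__main__":
    print("little-endian:", guid_to_string(RAW, little_endian=True))
    print("big-endian:   ", guid_to_string(RAW, little_endian=False))
    for guid, old_dn, new_dn in correlate(BEFORE, AFTER, little_endian=True):
        print(f"{guid}: {old_dn} -> {new_dn}")
```

The same 16 bytes decode to two different strings depending on byte order, so an ID decoded with the wrong setting will not match values recorded earlier for the same entry.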
Provisioning for Move/Rename Operation
To handle move and rename operations, you need to send special provisioning attributes in an AttributeRequest. The following table lists the special attributes to handle the move and rename operations.
| Attribute | Description |
|---|---|
| AC_NewName | A string attribute that specifies the new name for the user. For example, cn=abc,uid=xyz |
| AC_NewParent | A string attribute that specifies the new organizational unit (OU) for the user. For example, ou=xyz,dc=pqr,dc=com |