Account Move/Rename Operation
To enable the account move/rename operation, you must provide the uniqueAccountAttribute for the configured LDAP server.
For ADAM (AD LDS), the default UUID attribute is objectGUID. If you use a custom UUID attribute, specify that instead. You need to configure this attribute using the following API PATCH request:
[
  {
    "op": "add",
    "path": "/connectorAttributes/uniqueAccountAttribute",
    "value": "objectGUID"
  }
]
Handling Binary Attribute for AD LDS
Note
While the attributesInBinaryFormat attribute is optional, for AD LDS the UUID attribute (objectGUID) is a binary attribute. Therefore, you must configure the UUID attribute in both attributesInBinaryFormat and uniqueAccountAttribute.
attributesInBinaryFormat
To handle binary attributes for the AD LDS server, use the attributesInBinaryFormat multi-valued configuration attribute. This attribute specifies which LDAP attributes to fetch in binary format.
[
  {
    "op": "add",
    "path": "/connectorAttributes/attributesInBinaryFormat",
    "value": ["objectGUID", "<binary attribute 2>"]
  }
]
uuidInLittleEndianFormat
Binary attributes can be converted to a string format for processing and storage in two ways: little-endian (such as Microsoft AD, ADAM) and big-endian (such as Novell eDirectory).
To ensure binary attributes are processed and saved in the correct format, the uuidInLittleEndianFormat boolean attribute is required. For ADAM, set the value to true.
[
  {
    "op": "add",
    "path": "/connectorAttributes/uuidInLittleEndianFormat",
    "value": true
  }
]
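The following added example (not part of the connector or its documentation) shows why the flag matters: the same 16 bytes of objectGUID produce two different strings depending on byte order, and the bytes needed for an LDAP search filter must be rebuilt with the same order. The function names and the sample bytes are constructed for illustration, and the canonical hyphenated UUID text form is an assumption; the page does not state the exact string format the connector stores.

```python
import uuid

# Constructed sample: 16 raw bytes as a directory would return for objectGUID.
SAMPLE_RAW = bytes.fromhex("33221100554477668899aabbccddeeff")


def guid_to_string(raw: bytes, little_endian: bool) -> str:
    """Render a 16-byte binary GUID/UUID as hyphenated text."""
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    # bytes_le byte-swaps the first three fields (4, 2 and 2 bytes), which is
    # the layout Microsoft directories use; bytes= reads all fields in order.
    parsed = uuid.UUID(bytes_le=raw) if little_endian else uuid.UUID(bytes=raw)
    return str(parsed)


def string_to_ldap_filter(text: str, little_endian: bool,
                          attr: str = "objectGUID") -> str:
    """Rebuild the raw bytes from the stored string and escape every byte
    as backslash plus two hex digits (RFC 4515) for a search filter."""
    parsed = uuid.UUID(text)
    raw = parsed.bytes_le if little_endian else parsed.bytes
    return "(" + attr + "=" + "".join(f"\\{b:02x}" for b in raw) + ")"


def demo() -> dict:
    little = guid_to_string(SAMPLE_RAW, little_endian=True)
    big = guid_to_string(SAMPLE_RAW, little_endian=False)
    return {
        "little": little,
        "big": big,
        # Round trip with the matching byte order finds the original entry.
        "filter_ok": string_to_ldap_filter(little, little_endian=True),
        # Mismatched byte order yields a filter for a different byte sequence.
        "filter_mismatch": string_to_ldap_filter(little, little_endian=False),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

If the stored string and the directory disagree on byte order, a lookup by UUID after a move or rename searches for a different byte sequence than the one the entry actually holds.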
Provisioning for Move/Rename Operation
To handle move and rename operations, you need to send special provisioning attributes in an AttributeRequest. The following table lists the special attributes to handle the move and rename operations.
| Attribute | Description |
|---|---|
| AC_NewName | A string attribute that specifies the new name for the user. For example, cn=abc,uid=xyz |
| AC_NewParent | A string attribute that specifies the new organizational unit (OU) for the user. For example, ou=xyz,dc=pqr,dc=com |