The members of a Top Secret profile can be found in the profile's uniqueMember attribute. This is a multi-valued attribute that contains a list of all profile members (tssacids). The CA LDAP Server does not allow this attribute to be updated directly, but it can be updated via the connector. When the connector receives a request to update a profile's uniqueMember attribute, it performs all necessary LDAP calls behind the scenes to synchronize profile members.
How the connector performs profile member synchronization
When the connector receives a request to update a profile’s uniqueMember attribute, it first performs an LDAP search to find out what the profile's current uniqueMember attribute contains. It then compares the attribute with the supplied update and creates a list of users that need to be added or deleted in order to perform the synchronization.
For each user to be added, the connector sends an LDAP modify request for the user (tssacid) object to add the group via the user’s groups attribute. This adds the user to the profile, and the CA LDAP Server then automatically updates the profile's uniqueMember attribute to include the new user.
Similarly, for each user deleted, the connector sends an LDAP modify request for the user (tssacid) object to delete the profile via the user’s groups attribute. This removes the user from the profile and the CA LDAP Server then automatically updates the profile's uniqueMember attribute to remove the user.
Once this is done, the uniqueMember attribute for the profile will match the value that was passed into the connector, effectively synchronizing the two values. This approach is used in the sample profile mapping in this document.
Related topics
The following table lists the Top Secret user, group and profile attributes that are made available to One Identity Manager by the Top Secret LDAP connector.
Table 3: List of Top Secret user, groups, and profile attributes
|
Acid-All |
|
Acid-Audit |
|
Acid-Create |
|
Acid-Defnode |
|
Acid-Info |
|
Acid-Maintain |
|
AcidMatchlim |
|
Acid-Report |
|
Acid-XAuth |
|
AdminAcid |
|
AdministeringAcid |
|
AdministeringDate |
|
AdministeringSMFid |
|
AdministeringTime |
|
AdminListData |
|
AdminMisc1 |
|
AdminMisc2 |
|
AdminMisc3 |
|
AdminMisc4 |
|
AdminMisc5 |
|
AdminMisc6 |
|
AdminMisc7 |
|
AdminMisc8 |
|
AdminMisc9 |
|
AdminSuspend |
|
AllowLocalIPWPhrase |
|
APPC-Sysout-AcctNum |
|
APPC-Sysout-Addr1 |
|
APPC-Sysout-Addr2 |
|
APPC-Sysout-Addr3 |
|
APPC-Sysout-Addr4 |
|
APPC-Sysout-Bldg |
|
APPC-Sysout-Dept |
|
APPC-Sysout-Name |
|
APPC-Sysout-Room |
|
Audit-Attr |
|
AuthoritytoGraphicMonitorFacility |
|
AutoOwnDatasetHLQ |
|
Available-Cmds-per-Facility |
|
Bypass-Dsn-Check |
|
Bypass-Job-Submission-Check |
|
Bypass-Limited-Cmd-Facility-Check |
|
Bypass-Minidisklink-Check |
|
Bypass-Resource-Check |
|
Bypass-Volume-Check |
|
CICS-Auto-Transaction |
|
CICS-Oper-Class |
|
CICS-Oper-Identification |
|
CICS-Oper-Property |
|
CICS-Security-Key |
|
CICS-Time-Out |
|
Console-Auth |
|
ConsoleIdentifier |
|
Created-Date |
|
Created-Time |
|
DCESegmentFlags |
|
Default-Remote-Nodes |
|
Department |
|
Division |
|
DUF-Extract |
|
DUF-Update |
|
EIMProfile |
|
EncryptedKey |
|
EncryptionType |
|
ExpireNow |
|
ExpirePassPhraseNow |
|
Expires |
|
For-Number-of-Days |
|
Globally-Admin-Profile |
|
groupmemberOf |
|
Groups |
|
HomeCell |
|
IMS-Multi-Sys-Coupling |
|
InitialCommand |
|
Installation-Data |
|
InstallationExitSuspended |
|
KerberosName |
|
Language-Pref |
|
Last-Access-Count |
|
Last-Accessed-From-CPU |
|
LastLoginDTS |
|
Last-Used-Date |
|
Last-Used-Facility |
|
Last-Used-Time |
|
LDAP-Destinations |
|
LDAPUser |
|
LinuxEntries |
|
LinuxName |
|
ListData-Acids |
|
ListData-Admin |
|
ListData-All |
|
ListData-Basic |
|
ListData-Cics |
|
ListData-Instdata |
|
ListData-LCF |
|
ListData-Names |
|
ListData-Password |
|
ListData-Profile |
|
ListData-PWVIEW |
|
ListData-Resource |
|
ListData-SessKey |
|
ListData-SMS |
|
ListData-Source |
|
ListData-Tso |
|
ListData-WorkAttr |
|
ListData-XAuth |
|
ListofScopeClasses |
|
LotusName |
|
M1-All |
|
M1-Instdata |
|
M1-LCF |
|
M1-LTime |
|
M1-Noats |
|
M1-RDT |
|
M1-Suspend |
|
M1-TSSSim |
|
M1-User |
|
M2-All |
|
M2-APPCLU |
|
M2-DLF |
|
M2-SMS |
|
M2-Target |
|
M2-TSO |
|
M2-WorkAttr |
|
M3-ALL |
|
M3-SDT |
|
M4-ALL |
|
M4-CERTAUTH |
|
M4-CERTCHEK |
|
M4-CERTEXPO |
|
M4-CERTGEN |
|
M4-CERTLIST |
|
M4-CERTSITE |
|
M4-CERTUSER |
|
M4-KERBUSER |
|
M5-ALL |
|
M5-DCLADMIN |
|
M5-DCLIST |
|
M5-MLSADMIN |
|
M8-All |
|
M8-LISTAPLU |
|
M8-ListRDT |
|
M8-ListSDT |
|
M8-ListSTC |
|
M8-MCS |
|
M8-NOMVSDF |
|
M8-PWMAINT |
|
M8-Remasusp |
|
M9-All |
|
M9-Bypass |
|
M9-Console |
|
M9-Generic |
|
M9-Global |
|
M9-Mastfac |
|
M9-Mode |
|
M9-STC |
|
M9-Trace |
|
Master-Facility |
|
MaxAddrSpaceSize |
|
MaxCPUTime |
|
MaxDataSpacePages |
|
MaxFilesPerProcess |
|
Maximum-Non-Shared-Memory-Space |
|
Maximum-Shared-Memory-Space |
|
MaxProcess |
|
MaxPthreadsCreated |
|
MaxTicketLife |
|
MCS-Alternate-Grp |
|
MCS-Authirized-Cmds |
|
MCS-Auto-Cmds |
|
MCS-Cmd-Target-System |
|
MCS-Delete-Oper-Cmds |
|
MCS-Display-Format |
|
MCS-Keyword |
|
MCS-Log-Cmds |
|
MCS-Migration-ID |
|
MCS-Monitor |
|
MCS-Msgs-Queue-Storage |
|
MCS-Msgs-Received |
|
MCS-Receive-ConsoledZero-Message |
|
MCS-Receive-HardCopy-Messages |
|
MCS-Receive-Unknown-ConsoleID-Messages |
|
MCS-Routing-Code |
|
MCS-Undelivered-Msgs |
|
memberOf |
|
MLSDfltSecLabel |
|
MLSSecLabels |
|
Modified-Date |
|
Modified-Time |
|
Multi-Region-Optimized-Signon |
|
name |
|
No-Automatic-Dsn-Protection |
|
No-Automatic-Terminal-Signon |
|
No-OMVS-Default-User |
|
No-Password-Chg |
|
NovellName |
|
No-Vthresh-Suspend |
|
objectClass |
|
OMVS-Dflt-Group |
|
OMVS-Group-ID |
|
OMVS-Home-Subdir |
|
OMVS-Program |
|
OMVS-User-ID |
|
Operating-Mode |
|
PassPhrase |
|
PasswordSuspended |
|
Physical-Security-Key |
|
Policy-Profiles |
|
PrincipalNameofUser |
|
Profile-After |
|
Profile-Before |
|
Profile-First |
|
Profile-Names |
|
Profile-Until-Date |
|
ProgramIdentifierinOtherDomain |
|
PWPhrase |
|
ReceiveUnsolicitedMessages |
|
Refresh |
|
RestrictedAccess |
|
Restricted-Cmds-per-Facility |
|
SecurityCheckIdentifier |
|
SMS-Application-ID |
|
SMS-Data-Class |
|
SMS-Mgmt-Class |
|
SMS-Storage-Class |
|
Source-Reader |
|
StringFormofUUID |
|
Target-Notes-for-Cmds |
|
Terminal-Lock-Time |
|
Time-Zone |
|
Trace-ACID-Activity |
|
TSO-Hold-Class |
|
TSO-Job-Class |
|
TSO-Logon-Account |
|
TSO-Logon-Command |
|
TSO-Logon-Proc |
|
TSO-Max-Region-Size |
|
TSO-Message-Class |
|
TSO-Multiple-Passwords |
|
TSO-Options |
|
TSO-Output-Destination |
|
TSO-Performance-Grp |
|
TSO-Region-Size |
|
TSO-Sysout-Class |
|
TSO-Unit |
|
TSO-User-Data |
|
tssacid |
|
tssgroup |
|
tssprofile |
|
UIDGIDRange |
|
uniqueMember |
|
Until-Date |
|
User-Access |
|
UserDefFields |
|
UserHomeCellUUID |
|
userPassword |
|
userPassword-Expire |
|
userPassword-Interval |
|
userPasswordPhraseInterval |
|
User-Suspend |
|
User-Type |
|
Using-Acid |
|
ViolationsSuspended |
|
VSE-IES-Dflt-Usercat |
|
VSE-IES-Fld1 |
|
VSE-IES-Fld2 |
|
VSE-IES-Init |
|
VSE-IES-Synm-ModelID |
|
VES-IES-Type |
|
Wait-for-Synchronous-Processing |
|
Zone |
