What attributes should be in the global catalog if I am using cross domain logon?
The following attributes should be in the global catalog:
uidNumber
gidNumber
gecos
unixHomeDirectory
loginShell
It is advisable to use load-users-from-gc setting when you have users spread out over multiple domains and you do not want to set the search path to each domain. Between 2 and 7 it is up to you but there is no real down-side, as long as you want ALL users loaded. Above 7 domains it is recommended.
If you are using the load-users-from-gc in your vas.conf then the following are a list of attribute that should go in the GC as well:
logonHours
accountExpires
pwdLastSet
lockOutTime
The attribute you are using to login with should be indexed. So for example if you use UID number to login with than UID number should be indexed.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center