To view or modify properties of an entry:
1. Display the form in the Form Editor and click the tab that includes the entry to manage.
2. Click the Edit icon next to the name of the entry you want to manage.
3. If needed, modify properties of the entry, click Save, and then click Reload.
NOTE: The changes made to an entry are applied to the entry on every form containing the entry.
The properties of an entry that you can view or modify include the following (for more information, see Type of entry and Entry for an attribute of DN syntax later in this document):
The Web Interface provides for these types of entry:
For each entry, certain logic is implemented that governs how to process the values of the managed attribute. When retrieving an attribute from the directory, the entry uses that logic to represent the attribute value in the appropriate format. When applying changes to an attribute value, the entry relies on that logic to transform the changes, if necessary, to meet the requirements imposed by the directory.
When you create an entry using the Form Editor, default processing logic is applied based on the syntax of the managed attribute according to the directory schema. Such default entries are referred to as Auto entries in the Web Interface.
For each of the syntaxes that are defined in Active Directory, certain default logic is defined in the Web Interface and applied to every Auto entry for managing any attribute of the respective syntax. Thus, an auto entry for an attribute of Boolean syntax takes the form of a check box. An auto entry for an attribute of String (Unicode) syntax is merely an edit box.
Default processing logic may not be suitable for all attributes. A typical example is userAccountControl.
In Active Directory, the userAccountControl attribute values are stored as integers, so the Auto entry for that attribute takes the form of an edit box that displays the integer value retrieved from the directory. This representation of attribute values is not helpful because a value of the userAccountControl attribute is, in fact, a 4-byte (32-bit) data structure that contains flags for configuring some user account settings, such as the flag that controls whether a user account is enabled or disabled.
A value of userAccountControl is a type of integer wherein each bit in the numeric value represents a unique setting. This type of integer is called a bit field. Because each bit in a bit field represents a different setting, simply examining the integer value as a whole number is of little use. You must examine the individual bit that corresponds to the setting you are interested in viewing or changing.
To help identify which bit to check in the userAccountControl value, the Web Interface provides a predefined entry that uses custom logic to represent each bit as a separate check box. Entries like this one, which use processing logic that differs from the default processing logic, are called Custom entries in the Web Interface (as opposed to the Auto entries that rely on default processing logic).
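The following added example (not code from the Web Interface or the Active Roles SDK) shows the two directions of processing described above for userAccountControl: turning the stored integer into one boolean per flag, and writing a change back by setting or clearing only the affected bit. The function names and the set of flags reported for review are choices made for this example; the bit values are the documented Active Directory ones.

```python
# Added example (not product code): userAccountControl handled as a bit field.
# Bit values are the documented Active Directory flag values.
FLAGS = {
    "SCRIPT": 0x0001,
    "ACCOUNTDISABLE": 0x0002,
    "HOMEDIR_REQUIRED": 0x0008,
    "LOCKOUT": 0x0010,
    "PASSWD_NOTREQD": 0x0020,
    "ENCRYPTED_TEXT_PWD_ALLOWED": 0x0080,
    "NORMAL_ACCOUNT": 0x0200,
    "WORKSTATION_TRUST_ACCOUNT": 0x1000,
    "SERVER_TRUST_ACCOUNT": 0x2000,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "SMARTCARD_REQUIRED": 0x40000,
    "TRUSTED_FOR_DELEGATION": 0x80000,
    "NOT_DELEGATED": 0x100000,
    "USE_DES_KEY_ONLY": 0x200000,
    "DONT_REQ_PREAUTH": 0x400000,
    "PASSWORD_EXPIRED": 0x800000,
    "TRUSTED_TO_AUTH_FOR_DELEGATION": 0x1000000,
}
# Flags this example chooses to report when reviewing an account (an assumption
# of the example, not a list defined by the Web Interface).
REVIEW = ("PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED", "DONT_EXPIRE_PASSWORD",
          "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH")

def to_checkboxes(value):
    """Directory integer -> one boolean per flag (the check-box view)."""
    return {name: bool(value & bit) for name, bit in FLAGS.items()}

def apply_changes(value, changes):
    """Set or clear only the named bits; every other bit is preserved."""
    for name, checked in changes.items():
        bit = FLAGS[name]              # KeyError on an unknown flag name
        value = value | bit if checked else value & ~bit
    return value & 0xFFFFFFFF          # the attribute is a 32-bit structure

def flags_to_review(value):
    """Names of the set flags that appear in REVIEW."""
    return [name for name in REVIEW if value & FLAGS[name]]

if __name__ == "__main__":
    uac = 66050  # constructed sample value (0x10202)
    print([n for n, on in to_checkboxes(uac).items() if on])
    print(apply_changes(uac, {"ACCOUNTDISABLE": False}))
    print(flags_to_review(uac))
```

Bits that have no name in the table pass through `apply_changes` unchanged, which is what keeps a single check-box edit from disturbing settings the form does not display.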
In the Web Interface, many predefined custom entries are available out of the box. Each of the predefined custom entries, like the custom entry for the userAccountControl attribute, is designed to manage a single attribute or a group of related attributes in accordance with the intended meaning of the attribute or attributes rather than only based on the syntax of attribute values. If necessary, new custom entries can be added that use any suitable processing logic. For more information and instructions, see the Active Roles SDK.
The auto entries for attributes of Object (DS-DN) syntax have certain features that are specific to only this category of entries. In this topic, for the sake of brevity, such entries are referred to as DN entries.
Values of an attribute of Object (DS-DN) syntax are strings, each specifying the distinguished name (DN) of a certain directory object. For attributes with this syntax, Active Directory handles attribute values as references to the object identified by the DN and automatically updates the value if the object is moved or renamed. Examples of such attributes are “member”, “managedBy” and “manager”.
A DN entry retrieves DN values from the attribute, looks up the objects that are identified by the DN values, and displays a list of those objects. By default, the list contains the following information about each object:
You can configure the list to display values of other attributes: open the Properties page for the entry (see Managing properties of an entry earlier in this document), and click the Advanced tab. Then, modify the list of names in the Columns box as required. You can type LDAP display names of attributes in the Columns box, separating them by commas, or you can click the button next to the Columns box and select attributes. The list provided by the entry will include one column for each attribute you specify, with each column showing the values of the respective attribute.
A DN entry provides the ability to make changes to the managed attribute, that is, to add or remove DN values from the attribute. For this purpose, a DN entry supplements the list of objects with the Add and Remove controls. The Remove control deletes list entries, consequently removing the respective DN values from the managed attribute. The Add control uses the Select Object dialog box for selecting objects. The entries representing the selected objects are then added to the list, with the DN of each object being eventually appended to the values in the managed attribute.
It is possible to customize the Select Object dialog box that is used by the Add control in a DN entry. For this purpose, a DN entry provides a number of options. These options can be found on the Advanced tab of the Properties page for a DN entry (for instructions on how to access the Properties page, see Managing properties of an entry earlier in this document):
The target attribute must be an attribute that stores distinguished names, such as “member” or “managedBy”. The search is performed against the objects that are identified by the distinguished names found in the target attribute. For example, if the Find in object is a group and “member” is specified as the target attribute, then the search will be performed against all objects that are members of the group and the list view will be populated with the members of the group that match the search filter.
This section discusses the following customization scenarios: