You can use the Active Roles console or Web Interface to add a picture for a user, group or contact object. An advantage of using pictures, such as the photographs or logos, is that a picture makes it easier to recognize the user, group or contact in e-mail clients and Web applications that can retrieve the picture from Active Directory. When you supply a picture for a user, group or contact via Active Roles, the picture is saved in the thumbnailPhoto
attribute of that user, contact or group in Active Directory.
Active Roles provides a policy to enforce the picture size limits, including maximal and minimal dimensions and the option to resize the picture automatically. When you add a picture to the user, group or contact, Active Roles checks the dimensions of the picture, and does not apply the picture in case of policy violation. If automatic picture resizing is enabled, Active Roles reduces the dimensions of the picture as needed, by resampling down the original picture.
You can use the following policy options to configure the picture management rules:
thumbnailPhoto
attribute of the user, contact or group object class. You can choose a different attribute for each object class separately. For instance, you can configure the policy to control the thumbnailLogo
or jpegPhoto
user attribute while retaining control of the thumbnailPhoto
attribute of groups and contacts.
To view or modify the policy options
By default, the built-on Policy Object is applied to the Active Directory node in the Active Roles namespace, so the policy options affect all users, groups and contacts in the managed domains. If you need different policy options for different domains or containers, create a copy of the built-in Policy Object, and then configure and apply the copy as appropriate.
In Active Roles, administrators can configure policies of the pre-defined types that are installed with Active Roles. By default, the list of policy types in the Active Roles console contains only the pre-defined types, such as Home Folder AutoProvisioning or User Account Deprovisioning. It is possible to extend the list by adding new types of policy.
Each policy type determines a certain policy action (for example, creating a home folder for a user account) together with a collection of policy parameters to configure the policy action (for example, parameters that specify the network location where to create home folders). Active Roles provides the ability to implement and deploy custom types of policy. It enables custom policy types to be created as necessary, and listed along with the pre-defined policy types, allowing administrators to configure policies that perform custom actions determined by those new types of policy.
Active Roles allows the creation of custom policies based on the Script Execution built-in policy type. However, creating and configuring a script policy from scratch can be time-consuming. Custom policy types provide a way to mitigate this overhead. Once a custom policy type is deployed that points to a particular script, administrators can easily configure and apply policies of that type, having those policies perform the actions determined by the script. The policy script also defines the policy parameters specific to the policy type.
Custom policy types provide an extensible mechanism for deploying custom policies. This capability is implemented by using the Policy Type object class. Policy Type objects can be created by using the Active Roles console, with each object representing a certain type of custom policy.
The policy extensibility feature is designed around two interactions: policy type deployment and policy type usage.
The deployment process involves the development of a script that implements the policy action and declares the policy parameters; the creation of a Script Module containing that script; and the creation of a Policy Type object referring to that Script Module. To deploy a policy type to a different environment, an administrator can export the policy type to an export file in the source environment and then import the file in the destination environment. Using export files makes it easy to distribute custom policy types.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy