Identity Manager 9.2.1 - LDAP Connector for CA Top Secret Reference Guide

Synchronizing Top Secret profile memberships

The members of a Top Secret profile can be found in the profile's uniqueMember attribute. This is a multi-valued attribute that contains a list of all profile members (tssacids). The CA LDAP Server does not allow this attribute to be updated directly, but it can be updated via the connector. When the connector receives a request to update a profile's uniqueMember attribute, it performs all necessary LDAP calls behind the scenes to synchronize profile members.

How the connector performs profile member synchronization

When the connector receives a request to update a profile’s uniqueMember attribute, it first performs an LDAP search to find out what the profile's current uniqueMember attribute contains. It then compares the attribute with the supplied update and creates a list of users that need to be added or deleted in order to perform the synchronization.

For each user to be added, the connector sends an LDAP modify request for the user (tssacid) object to add the group via the user’s groups attribute. This adds the user to the profile, and the CA LDAP Server then automatically updates the profile's uniqueMember attribute to include the new user.

Similarly, for each user to be deleted, the connector sends an LDAP modify request for the user (tssacid) object to delete the profile via the user’s groups attribute. This removes the user from the profile, and the CA LDAP Server then automatically updates the profile's uniqueMember attribute to remove the user.

Once this is done, the uniqueMember attribute for the profile will match the value that was passed into the connector, effectively synchronizing the two values. This approach is used in the sample profile mapping in this document.
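
The following sketch is an added illustration of the compare-and-modify sequence described above; it is not code from the connector or from One Identity. The DNs, the profile value PROFA, the function names and the simplified DN normalization are constructed assumptions, and no LDAP connection is made: the plan is a list of modify operations against user objects, and apply_plan simulates the server updating uniqueMember.

```python
# Added example: plan the per-user modifies that bring a profile's
# uniqueMember in line with a requested member list.
# All DNs and the profile value are constructed placeholders.

def norm_dn(dn):
    """Comparison key for a DN: lower-case, no spaces around commas.
    Simplified assumption: does not handle escaped commas in RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def plan_profile_sync(profile_value, current_members, desired_members):
    """Diff current vs. requested uniqueMember and return modify operations.
    Every operation targets a user (tssacid) object's groups attribute,
    never the profile's uniqueMember, which the server maintains itself."""
    current = {norm_dn(dn): dn for dn in current_members}
    desired = {norm_dn(dn): dn for dn in desired_members}
    ops = []
    for key, dn in desired.items():
        if key not in current:      # requested but not yet a member
            ops.append({"dn": dn, "op": "add",
                        "attr": "groups", "value": profile_value})
    for key, dn in current.items():
        if key not in desired:      # member today but no longer requested
            ops.append({"dn": dn, "op": "delete",
                        "attr": "groups", "value": profile_value})
    return ops

def apply_plan(current_members, ops):
    """Simulate the server-side effect: uniqueMember follows each user's
    groups attribute. Returns the resulting member keys, sorted."""
    members = {norm_dn(dn): dn for dn in current_members}
    for op in ops:
        if op["op"] == "add":
            members[norm_dn(op["dn"])] = op["dn"]
        else:
            members.pop(norm_dn(op["dn"]), None)
    return sorted(members)

# Constructed sample data: USER02 differs only in case and spacing,
# so it must not produce a delete followed by an add.
CURRENT = ["tssacid=USER01,o=example",
           "tssacid=USER02,o=example",
           "tssacid=USER03,o=example"]
DESIRED = ["TSSACID=user02, o=example",
           "tssacid=USER03,o=example",
           "tssacid=USER04,o=example"]

if __name__ == "__main__":
    for op in plan_profile_sync("PROFA", CURRENT, DESIRED):
        print(op["op"], op["attr"], op["value"], "on", op["dn"])
```

Logging the planned delete operations before they are sent gives an audit record of which users lose the profile on each synchronization run.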

Top Secret attributes

The following table lists the Top Secret user, group and profile attributes that are made available to One Identity Manager by the Top Secret LDAP connector.

Table 3: List of Top Secret user, groups, and profile attributes

Attribute name

Acid-All

Acid-Audit

Acid-Create

Acid-Defnode

Acid-Info

Acid-Maintain

AcidMatchlim

Acid-Report

Acid-XAuth

AdminAcid

AdministeringAcid

AdministeringDate

AdministeringSMFid

AdministeringTime

AdminListData

AdminMisc1

AdminMisc2

AdminMisc3

AdminMisc4

AdminMisc5

AdminMisc6

AdminMisc7

AdminMisc8

AdminMisc9

AdminSuspend

AllowLocalIPWPhrase

APPC-Sysout-AcctNum

APPC-Sysout-Addr1

APPC-Sysout-Addr2

APPC-Sysout-Addr3

APPC-Sysout-Addr4

APPC-Sysout-Bldg

APPC-Sysout-Dept

APPC-Sysout-Name

APPC-Sysout-Room

Audit-Attr

AuthoritytoGraphicMonitorFacility

AutoOwnDatasetHLQ

Available-Cmds-per-Facility

Bypass-Dsn-Check

Bypass-Job-Submission-Check

Bypass-Limited-Cmd-Facility-Check

Bypass-Minidisklink-Check

Bypass-Resource-Check

Bypass-Volume-Check

CICS-Auto-Transaction

CICS-Oper-Class

CICS-Oper-Identification

CICS-Oper-Property

CICS-Security-Key

CICS-Time-Out

Console-Auth

ConsoleIdentifier

Created-Date

Created-Time

DCESegmentFlags

Default-Remote-Nodes

Department

Division

DUF-Extract

DUF-Update

EIMProfile

EncryptedKey

EncryptionType

ExpireNow

ExpirePassPhraseNow

Expires

For-Number-of-Days

Globally-Admin-Profile

groupmemberOf

Groups

HomeCell

IMS-Multi-Sys-Coupling

InitialCommand

Installation-Data

InstallationExitSuspended

KerberosName

Language-Pref

Last-Access-Count

Last-Accessed-From-CPU

LastLoginDTS

Last-Used-Date

Last-Used-Facility

Last-Used-Time

LDAP-Destinations

LDAPUser

LinuxEntries

LinuxName

ListData-Acids

ListData-Admin

ListData-All

ListData-Basic

ListData-Cics

ListData-Instdata

ListData-LCF

ListData-Names

ListData-Password

ListData-Profile

ListData-PWVIEW

ListData-Resource

ListData-SessKey

ListData-SMS

ListData-Source

ListData-Tso

ListData-WorkAttr

ListData-XAuth

ListofScopeClasses

LotusName

M1-All

M1-Instdata

M1-LCF

M1-LTime

M1-Noats

M1-RDT

M1-Suspend

M1-TSSSim

M1-User

M2-All

M2-APPCLU

M2-DLF

M2-SMS

M2-Target

M2-TSO

M2-WorkAttr

M3-ALL

M3-SDT

M4-ALL

M4-CERTAUTH

M4-CERTCHEK

M4-CERTEXPO

M4-CERTGEN

M4-CERTLIST

M4-CERTSITE

M4-CERTUSER

M4-KERBUSER

M5-ALL

M5-DCLADMIN

M5-DCLIST

M5-MLSADMIN

M8-All

M8-LISTAPLU

M8-ListRDT

M8-ListSDT

M8-ListSTC

M8-MCS

M8-NOMVSDF

M8-PWMAINT

M8-Remasusp

M9-All

M9-Bypass

M9-Console

M9-Generic

M9-Global

M9-Mastfac

M9-Mode

M9-STC

M9-Trace

Master-Facility

MaxAddrSpaceSize

MaxCPUTime

MaxDataSpacePages

MaxFilesPerProcess

Maximum-Non-Shared-Memory-Space

Maximum-Shared-Memory-Space

MaxProcess

MaxPthreadsCreated

MaxTicketLife

MCS-Alternate-Grp

MCS-Authirized-Cmds

MCS-Auto-Cmds

MCS-Cmd-Target-System

MCS-Delete-Oper-Cmds

MCS-Display-Format

MCS-Keyword

MCS-Log-Cmds

MCS-Migration-ID

MCS-Monitor

MCS-Msgs-Queue-Storage

MCS-Msgs-Received

MCS-Receive-ConsoledZero-Message

MCS-Receive-HardCopy-Messages

MCS-Receive-Unknown-ConsoleID-Messages

MCS-Routing-Code

MCS-Undelivered-Msgs

memberOf

MLSDfltSecLabel

MLSSecLabels

Modified-Date

Modified-Time

Multi-Region-Optimized-Signon

name

No-Automatic-Dsn-Protection

No-Automatic-Terminal-Signon

No-OMVS-Default-User

No-Password-Chg

NovellName

No-Vthresh-Suspend

objectClass

OMVS-Dflt-Group

OMVS-Group-ID

OMVS-Home-Subdir

OMVS-Program

OMVS-User-ID

Operating-Mode

PassPhrase

PasswordSuspended

Physical-Security-Key

Policy-Profiles

PrincipalNameofUser

Profile-After

Profile-Before

Profile-First

Profile-Names

Profile-Until-Date

ProgramIdentifierinOtherDomain

PWPhrase

ReceiveUnsolicitedMessages

Refresh

RestrictedAccess

Restricted-Cmds-per-Facility

SecurityCheckIdentifier

SMS-Application-ID

SMS-Data-Class

SMS-Mgmt-Class

SMS-Storage-Class

Source-Reader

StringFormofUUID

Target-Notes-for-Cmds

Terminal-Lock-Time

Time-Zone

Trace-ACID-Activity

TSO-Hold-Class

TSO-Job-Class

TSO-Logon-Account

TSO-Logon-Command

TSO-Logon-Proc

TSO-Max-Region-Size

TSO-Message-Class

TSO-Multiple-Passwords

TSO-Options

TSO-Output-Destination

TSO-Performance-Grp

TSO-Region-Size

TSO-Sysout-Class

TSO-Unit

TSO-User-Data

tssacid

tssgroup

tssprofile

UIDGIDRange

uniqueMember

Until-Date

User-Access

UserDefFields

UserHomeCellUUID

userPassword

userPassword-Expire

userPassword-Interval

userPasswordPhraseInterval

User-Suspend

User-Type

Using-Acid

ViolationsSuspended

VSE-IES-Dflt-Usercat

VSE-IES-Fld1

VSE-IES-Fld2

VSE-IES-Init

VSE-IES-Synm-ModelID

VES-IES-Type

Wait-for-Synchronous-Processing

Zone
