The attributes in account templates determine how attributes are defined in the account.
Account templates include two types of attributes:
Accounts are considered synchronized with their account templates when all the capability attributes are synchronized. These are attributes that differ from endpoint type to endpoint type such as group memberships, privileges, quotas, login-restrictions; they control what the user can do when logging into the account.
Synchronization does not update other account attributes. They are initialized from the account templates during account creation and they can also be updated during propagation functions. The Provisioning Server provides two propagation functions (an immediate update of accounts at the time the account template is changed and an update of accounts at the time global user attributes change).
To find out which attributes are defined as capabilities and which are initial, you need to generate the eTACapability.txt file. Enter the following command from a Windows Command prompt:
PS_HOME\dumpptt.exe -c > eTACapability.txt
Specifies C:\Program Files\CA\Identity Manager\Provisioning Server\bin
A version of the file is generated for all of the connectors that you have installed.
When you create an account template, you use rules strings to define the format of many account attributes. Rule strings are variables for the actual value. Rules strings are useful when you want to generate attributes that change from one account to another. When rules are evaluated, CA Identity Manager replaces the rule strings entered in the account templates with data specified in the user object.
Note: Rule evaluation is not performed on accounts created during an exploration or on accounts created without provisioning roles.
The following table lists the rule strings in CA Identity Manager:
Rule String |
Description |
---|---|
%AC% |
Account name |
%D% |
Current date in the format dd/mm/yyyy (the date is a computed value that does not involve the global user information). This rule string is equivalent to one of the following: %$$DATE()% |
%EXCHAB% |
Mailbox hide from exchange address book |
%EXCHS% |
Mailbox home server name |
%EXCMS% |
Mailbox store name |
%GENUID% |
Numeric UNIX/POSIX user identifier. This rule variable is the same as %UID% as long as the global user UID value is set. However, if the global user has no assigned UID value, and UID-generation is enabled (Global Properties on System Task), several actions occur. The next available UID value is allocated, assigned to the global user, and used as the value of this rule variable. |
%P% |
Password |
%U% |
Global user name |
%UA% |
Full address (generated from street, city, state, and postal code) |
%UB% |
Building |
%UC% |
City |
%UCOMP% |
Company name |
%UCOUNTRY% |
Country |
%UCUxx% or %UCUxxx% |
Custom field (xx or xxx represents the two-digit or three-digit field ID as specified on the Custom User Fields tab in the System Task frame) |
%UD% |
Description |
%UDEPT% |
Department |
%UE% |
Email address |
%UEP% |
Primary email address |
%UES% |
Secondary email addresses |
%UF% |
First name |
%UFAX% |
Facsimile number |
%UHP% |
Home page |
%UI% |
Initials |
%UID% |
Numeric UNIX/POSIX User Identifier |
%UL% |
Last name |
%ULOC% |
Location |
%UMI% |
Middle initial |
%UMN% |
Middle name |
%UMP% |
Mobile telephone number |
%UN% |
Full name |
%UO% |
Office name |
%UP% |
Telephone number |
%UPAGE% |
Pager number |
%UPC% |
Postal code, ZIP Code |
%UPE% |
Telephone number extension |
%US% |
State |
%USA% |
Street address |
%UT% |
Job title |
%XD% |
Generates the current timestamp in XML dateTimeValue format, a fixed-length string format. In a dateValue or timeValue attribute, you can write an (:offset,length) substring expression to extract the date or time parts of the dateTimeValue. For example, %XD:1,10% yields YYYY-MM-DD; and %XD:12,8% yields HH:MM:SS. |
To use a specific, constant value for an account attribute, enter the value in the account template field instead of in a rule string. For example, you can enter values for specifying frequency limits or quantity size.
If the constant attribute value must contain more than one percent sign, enter two percent signs (%%) each time. CA Identity Manager translates them to one percent sign (%) when building the account attribute value. If the account template value contains only one percent sign, CA Identity Manager does not generate an error. The rule states that if you want a literal value of 25%, you must specify 25%%. However, as a special case, 25% will be accepted.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|