000014584 - AXM - Cannot use certain attributes for smart rules (givenName  sn  mail etc)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014584
Applies ToAlthough the attribute for email is mapped in ldap.conf and also provisioned for the user when the user was added, it cannot be used for a smartrule as it is a system required attribute.
IssueAXM - Cannot use certain attributes for smart rules
Trying to use email attribute to create a smartrule.  Although email can be provisioned thru admingui, when trying to select it as a property to be used in the evaluation of a smart rule, the property does not appear in the pulldown.
Cause

This is noted in the Access Manager Administrators guide on page 35 (for 6.X AXM) where it states:

Important: Properties must have unique names. They cannot share names with the required user information fields listed in ?User Attributes? on page 28. For example, in the default iPlanet/Sun ONE configuration, the following attributes are reserved: cn, givenname, sn, mail, userpassword. Also, avoid system-level attributes. If you are using the default user object class, you cannot use the attributes dn, uid, o and dc as properties.

ResolutionWhen creating smartrules, utilize properties outside of those which are listed as required for AXM.  Refer to page 28 of the AXM administrators guide for which attributes cannot be used in the creation of smartrules based on your configuration.  Mail is a required attribute which cannot be used in the creation of smartrules.
Legacy Article IDa43785

Attachments

    Outcomes