|Applies To||RSA ClearTrust 4.7.1|
RSA ClearTrust Data Adapter for iPlanet
iPlanet 5.1 Directory Server
Sun ONE Directory Server
|Issue||How to add custom properties in RSA ClearTrust|
PropertyDefinitions can only be created on existing LDAP attributes
|Cause||Where LDAP is used, it is a common requirement that a property must first be defined as an attribute that may be included in the user class. See details about User Properties in the ClearTrust administration manual. The ClearTrust documentation states this is a requirement of using LDAP. However, some directory servers do not limit you in this way (e.g. eTrust from CA).|
|Resolution||Examples of existing attributes which may be assigned to inetorgperson are "audio" and "userPKCS12". Since inetorgperson has person as a superclass, telephoneNumber is also an example of an existing attribute.
The schema should be modified to set up the additional attributes so that they can also be used. One way to do this is to create a new objectclass called CitrixPerson, which inherits from inetorgperson but has the additional attributes that make it different from inetorgperson. The ldap.conf would then be updated to reflect that the object class for users in ClearTrust is CitrixPerson, not inetorgperson. Be careful how you go about creating users, since tools like the iPlanet admin interface use the inetorgperson class when you choose to add a "User" with them. The supposition, from the initial intended use, is that a Citrix admin interface will itself add the users to the directory server.
It may also be a good idea to create an auxiliary class called, for example, citrixauxclass, which contains the required attributes from Citrix. Then ensure that whenever a new user is created, it is created through an interface that creates the user as an inetorgperson and that also adds the auxiliary classes citrixauxclass (so Citrix requirements are met) and ctscUserAuxClass (so that ClearTrust will accept the user as a ClearTrust User).
|Workaround||RSA ClearTrust administrator was adding a new property definition via the ClearTrust Admin GUI|
|Legacy Article ID||a12456|
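
A check for the caveat in the Resolution above, as an added example that is not RSA's or the original article's code: it audits an LDIF export and lists inetorgperson entries that lack citrixauxclass or ctscUserAuxClass, which is what happens when a user is created through a generic "User" dialog. The DNs, the sample export and the function names are constructed for illustration.

```python
import base64

# Auxiliary classes named in the article (compared case-insensitively).
REQUIRED_AUX = ("citrixauxclass", "ctscuserauxclass")

def parse_ldif(text):
    """Yield (dn, attrs) per entry after unfolding space-continued lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def users_missing_aux(text):
    """Return {dn: [missing auxiliary classes]} for every inetorgperson entry."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        missing = [c for c in REQUIRED_AUX if c not in classes]
        if "inetorgperson" in classes and missing:  # user class from the article
            findings[dn] = missing
    return findings

# Constructed sample export (not real data): alice is complete, bob and carol are not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: citrixauxclass
objectClass: ctscUserAuxClass

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson

dn: uid=carol,ou=People,dc=example,
 dc=com
objectClass: inetorgperson
objectClass:: Y2l0cml4YXV4Y2xhc3M=
"""

if __name__ == "__main__":
    print(users_missing_aux(SAMPLE_LDIF))
```

Entries reported here would not be accepted as ClearTrust users (missing ctscUserAuxClass) or would not meet the Citrix requirements (missing citrixauxclass).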