000025999 - How to add custom properties in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025999
Applies ToRSA ClearTrust 4.7.1
RSA ClearTrust Data Adapter for iPlanet
iPlanet 5.1 Directory Server
Sun ONE Directory Server
IssueHow to add custom properties in RSA ClearTrust
PropertyDefinitions can only be created on existing LDAP attributes
CauseWhere LDAP is being used, it is a common requirement that the property must first be defined as a property which may be included in the user class. See details about User Properties in the ClearTrust administration manual. The ClearTrust documentation states this is a requirement of using LDAP. However, some Directory servers do not limit you in this way (e.g. eTrust from CA).
ResolutionAn example of existing attributes which may be assigned to inetorgperson are things like "audio" and "userPKCS12". Since inetorgperson has person as a superclass of person, then telephoneNumber is also an example of an existing attribute.

The schema should be modified to set up the additional attributes such that they can also be used. One way this can be done is to create a new objectclass called CitrixPerson which can inherit from inetorgperson but has the additional attributes that make it different from inetorgperson. The ldap.conf would be updated to reflect that the object class for users in ClearTrust was CitrixPerson, not inetorgperson. Be careful how you go about creating user, since things like the iPlanet admin interface use the class of inetorgperson if you select to add "User" with it. The supposition from the initial intended use is that a Citrix admin interface itself is going to add the users to the Directory server.

It may also be a good idea to create an auxiliary class called, for example, citrixauxclass, and it may contain the required attributes from Citrix. Then, ensure that whenever a new user is created, they are created with an interface that creates the user as an inetorgperson, and also that adds the additional attributes in the auxiliary class of citrixauxuser (so Citrix requirements are met) and ctscUserAuxClass (so that ClearTrust will accept the user as a ClearTrust User).
WorkaroundRSA ClearTrust administrator was adding a new property definition via the ClearTrust Admin GUI
Legacy Article IDa12456