000025343 - How to add user properties for non-user object attributes in ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025343
Applies To: RSA ClearTrust 5.0.1
RSA ClearTrust Agent 3.0.1
iPlanet 5.1 Directory Server
iPlanet 4.11 Directory Server
Issue: How to add user properties for non-user object attributes in ClearTrust
Error: "User object class violation" appears when creating a user property through entitlement manager
Resolution: There are two ways to add a new user property:

1. A new user object class can be added in the ldap.conf file; all attributes that belong to this new user object class become eligible to be added as user properties. For example, to add a new object class "myorganization", edit the ldap.conf file as shown below:

Before:  cleartrust.data.ldap.user.objectclass  :top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass
After:  cleartrust.data.ldap.user.objectclass  :top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass, myorganization

2. An attribute can be added to any of the existing user object classes, for instance ctscUserAuxClass. For example, to add a new attribute "personaltitle", edit the 60rsa-iPlanet-schema.ldif file and add "personaltitle" to the ctscUserAuxClass object class as shown below:

Before: Classes: ( 1.3.6.1.4.1.8241.2.13 NAME 'ctscUserAuxClass' SUP top AUXILIARY MAY ( ctscUserKeywords $ ctscAccountStartDate $ ctscAccountEndDate $ ctscPasswordCreationDate $ ctscPasswordExpirationDate $ ctscPasswordHistory $ ctscFailedLoginCount $ ctscLastResetDate $ ctscLockoutExpirationDate $ ctscPasswordLockoutEnable $ ctscUserDN ) X-ORIGIN 'RSA ClearTrust' )

After (attribute "personaltitle" added to the object class): Classes: ( 1.3.6.1.4.1.8241.2.13 NAME 'ctscUserAuxClass' SUP top AUXILIARY MAY ( ctscUserKeywords $ ctscAccountStartDate $ ctscAccountEndDate $ ctscPasswordCreationDate $ ctscPasswordExpirationDate $ ctscPasswordHistory $ ctscFailedLoginCount $ ctscLastResetDate $ ctscLockoutExpirationDate $ ctscPasswordLockoutEnable $ ctscUserDN $ personaltitle ) X-ORIGIN 'RSA ClearTrust' )
Workaround: When adding user attributes that are not part of a user object class, note that user properties must be mapped to user attributes that belong to user object classes. By default, ClearTrust defines the user.objectclass as top, person, organizationalPerson, inetOrgPerson, and ctscUserAuxClass.
Legacy Article ID: a18132
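
A pre-check for the mapping rule described above, as an added example that is not part of the original article or of RSA's tooling: it reads the class list from ldap.conf text and the MUST/MAY lists from schema text, then reports which configured user object classes permit a given attribute. The sample data, the "department" attribute and the placeholder OID are constructed; the check covers only classes defined in the supplied schema text and does not follow SUP inheritance.

```python
import re

PROP = "cleartrust.data.ldap.user.objectclass"

def user_object_classes(conf_text):
    """Return the class names listed for PROP in ldap.conf text."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*" + re.escape(PROP) + r"\s*[:=]\s*(.*)", line)
        if m:
            return [c.strip() for c in m.group(1).split(",") if c.strip()]
    return []

def class_attributes(schema_text):
    """Map lower-cased class name -> set of lower-cased MUST/MAY attribute names."""
    unfolded = re.sub(r"\r?\n ", "", schema_text)  # join LDIF continuation lines
    result = {}
    for line in unfolded.splitlines():
        name = re.search(r"\bNAME\s+'([^']+)'", line)
        if not name:
            continue
        attrs = set()
        # MUST/MAY take either a parenthesised $-separated list or a single name.
        for group, single in re.findall(
                r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;.-]+))", line):
            attrs.update(a.strip().lower()
                         for a in (group or single).split("$") if a.strip())
        result[name.group(1).lower()] = attrs
    return result

def permitting_classes(attribute, conf_text, schema_text):
    """Configured user object classes whose definition allows `attribute`."""
    known = class_attributes(schema_text)
    return [c for c in user_object_classes(conf_text)
            if attribute.lower() in known.get(c.lower(), set())]

# Constructed sample data modelled on the lines shown in this article.
CONF = PROP + "  :top, person, organizationalPerson, inetOrgPerson, ctscUserAuxClass"
BEFORE = ("Classes: ( 1.3.6.1.4.1.8241.2.13 NAME 'ctscUserAuxClass' SUP top AUXILIARY\n"
          "  MAY ( ctscUserKeywords $ ctscUserDN ) X-ORIGIN 'RSA ClearTrust' )")
AFTER = BEFORE.replace("ctscUserDN )", "ctscUserDN $ personaltitle )")
# Hypothetical class for method 1; attribute and OID are placeholders.
MYORG = "Classes: ( <placeholder-oid> NAME 'myorganization' SUP top AUXILIARY MAY ( department ) )"

if __name__ == "__main__":
    print(permitting_classes("personaltitle", CONF, BEFORE))
    print(permitting_classes("personaltitle", CONF, AFTER))
    print(permitting_classes("department", CONF, MYORG))
    print(permitting_classes("department", CONF + ", myorganization", MYORG))
```

An empty list means no configured user object class allows the attribute, which is the condition the article associates with the "User object class violation" error.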
