|Applies To||RSA Product Set: Access Manager Servers|
RSA Version/Condition: 6.X
|Issue||How make reserved user attributes Access Manager User Properties|
Error in Entitlements Manager (AdminGUI)
This property already exists.
Error in eserver standard output:
sirrus.da.exception.DuplicateEntryException: Cannot create attributes with reserved name.
|Cause||By default Access Manager prevents you from using reserved user attributes as user properties. Reserved attributes are any attributes that are defined in the ldap.conf file with an attribute map. These attributes are intended to be used internally by Access Manger and not editable through the Entitlements Manager.|
In some instances customers may want to define the reserved user attributes as user properties for export in the http headers. The following work around describes a method of bypassing this restrictions. Customers should ensure that when creating user properties based on reserved attributes that the user properties are always defined as read only. Under no circumstances should these user properties be edited in the entitlements managers. Doing so may cause datastore corruption.
Identify the ldap.conf file setting for the attribute map corresponding to the user attribute you wish to add. For example to add givenName as a user property.
Modyif the ldap.conf file setting and temporarily assign it to a dummy attribute that is not on the reserved attribute list.
Restart the eserver. (Ensure that no other administration is being done at the same time.)
Create your custom user property based on the reserved attribute givenName.
Revert the changes in your ldap.conf file back to the original
Restart the eserver.
|Notes||See also Operation not supported message when trying to create an Access Manager user property.Operation not supported message when trying to create an Access Manager user property.|
|Legacy Article ID||a48259|