On systems where the BINDING_ATTR value has been changed should the USERID_ATTR value also be changed?
Originally Published: 2004-01-16
Article Number
Applies To
RSA Mobile 1.5
Microsoft Windows 2000 Server SP3
Issue
Resolution
Some information regarding the definitions may be found on page 117 of the RSA Mobile 1.5 Planning Deployment and Installation guide, where it explains what the values are, but the true nature of the value may not be apparent.
RSA Mobile has the concept of a "userid", a value an end user types at a login screen when they visit a Web site protected by RSA Mobile. RSA Mobile needs to know how to find this value inside its datastore, and so has a mapping to some value in the store by means of the "USERID_ATTR".
It is very likely that the "cn" value you are creating users with in the directory server will match what you want for RSA Mobile login IDs. Therefore, it is correct that changing to "USERID_ATTR=cn" is a good idea. However, it is possible that in the directory server, users will look as follows:
dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
cn=John Doe
Surname=Doe
Firstname=John
uid=jdoe
Here, the directory server (and maybe other applications including the Administrator names in RSA Mobile) generate names with a "friendly" cn value. However, also notice that a uid value has been created by an administrator at the same time, specifically to set as "loginID" for any applications that want a short value.
As another example, lets say users will login using a back account number - you might have this:
USERID_ATTR=account
BINDING_ATTR=cn
And a user set up in the directory server like this:
dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
cn=John Doe
Surname=Doe
Firstname=John
account=0098573532904
So the directory server would see you as "cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp". If you were an RSA mobile administrator, you would have been added as:
configtool ADMINFULLADMIN John Doe
But if you connected to a Web site, your userID on the Web page would be "0098573532904".
Related Articles
A device has changed from Unknown to a known device type and there is data that needs to be migrated. Number of Views Allow the Use of Nonstandard Email Domains Number of Views RSA Governance & Lifecycle Integration: Infosys Finacle Summary Number of Views RSA Governance & Lifecycle Recipes: Report - AD Admin Group Members Number of Views RSA Identity Governance and Lifecycle 7.0.2 displays error communicating with server when saving workflows having more tha… Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
