On systems where the BINDING_ATTR value has been changed should the USERID_ATTR value also be changed?
Originally Published: 2004-01-16
Article Number
000061392
Applies To
RSA Mobile 1.5 Authentication Server
RSA Mobile 1.5
Microsoft Windows 2000 Server SP3
Issue
On systems where the BINDING_ATTR value has been changed, should the USERID_ATTR value also be changed?
Resolution
configtool ADDFULLADMIN cannot add a user value.

Some information regarding the definitions may be found on page 117 of the RSA Mobile 1.5 Planning Deployment and Installation guide, where it explains what the values are, but the true nature of the value may not be apparent.

RSA Mobile has the concept of a "userid", a value an end user types at a login screen when they visit a Web site protected by RSA Mobile. RSA Mobile needs to know how to find this value inside its datastore, and so has a mapping to some value in the store by means of the "USERID_ATTR".

It is very likely that the "cn" value you are creating users with in the directory server will match what you want for RSA Mobile login IDs. Therefore, changing to "USERID_ATTR=cn" is usually the right choice. However, it is possible that in the directory server, users will look as follows:

        dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
        cn=John Doe
        Surname=Doe
        Firstname=John
        uid=jdoe

Here, the directory server (and maybe other applications, including the Administrator names in RSA Mobile) generates names with a "friendly" cn value. However, also notice that a uid value has been created by an administrator at the same time, specifically to serve as the "loginID" for any applications that want a short value.

As another example, let's say users will log in using a bank account number; you might have this:

        USERID_ATTR=account
        BINDING_ATTR=cn

And a user set up in the directory server like this:

        dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
        cn=John Doe
        Surname=Doe
        Firstname=John
        account=0098573532904

So the directory server would see you as "cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp". If you were an RSA Mobile administrator, you would have been added as:

        configtool ADMINFULLADMIN John Doe

But if you connected to a Web site, your userID on the Web page would be "0098573532904".
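The following is an added illustration of the two mappings described in this article; it is not RSA Mobile code. It models the directory entries from the examples above as an in-memory list (constructed for the example, with a deliberately duplicated "friendly" cn), reads USERID_ATTR and BINDING_ATTR from a plain dictionary, and resolves a Web login ID and a configtool administrator name to a DN. The function names, the `account` attribute and the exact-match comparison are assumptions made for the example (a real LDAP server applies the attribute's own matching rule, which for cn is case-insensitive). The check at the end shows why the attribute chosen as USERID_ATTR must be unique across all users: a lookup that matches more than one entry must be refused rather than silently returning the first hit.

```python
# Constructed directory entries, modelled on the two examples in the article.
# Values are lists, as an LDAP server returns multi-valued attributes.
DIRECTORY = [
    {
        "dn": "cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp",
        "cn": ["John Doe"], "sn": ["Doe"], "givenName": ["John"],
        "uid": ["jdoe"], "account": ["0098573532904"],
    },
    {
        "dn": "cn=Jane Roe, ou=RSAMobileUsers, o=Acme Banking Corp",
        "cn": ["Jane Roe"], "sn": ["Roe"], "givenName": ["Jane"],
        "uid": ["jroe"], "account": ["0011223344556"],
    },
    {
        # A second "John Doe" in another OU: friendly cn values are not unique.
        "dn": "cn=John Doe, ou=Contractors, o=Acme Banking Corp",
        "cn": ["John Doe"], "sn": ["Doe"], "givenName": ["John"],
        "uid": ["jdoe2"], "account": ["0099887766554"],
    },
]


class ResolutionError(Exception):
    """Raised when a login ID or administrator name cannot be mapped safely."""


def _find_unique(entries, attr, value):
    """Return the single entry whose attribute `attr` holds `value`.

    No match and more than one match are both errors: an attribute that does
    not identify exactly one entry must never be used to select a user,
    otherwise the wrong account could be authenticated or granted admin rights.
    """
    matches = [e for e in entries if value in e.get(attr, [])]
    if not matches:
        raise ResolutionError(f"no entry with {attr}={value!r}")
    if len(matches) > 1:
        dns = "; ".join(e["dn"] for e in matches)
        raise ResolutionError(f"{attr}={value!r} is ambiguous: {dns}")
    return matches[0]


def resolve_login(config, entries, login_id):
    """Map what the end user typed at the Web login screen to a DN,
    using the attribute named by USERID_ATTR."""
    return _find_unique(entries, config["USERID_ATTR"], login_id)["dn"]


def resolve_admin(config, entries, admin_name):
    """Map the name given to configtool for an administrator to a DN,
    using the attribute named by BINDING_ATTR."""
    return _find_unique(entries, config["BINDING_ATTR"], admin_name)["dn"]


def duplicated_userid_values(config, entries):
    """Pre-deployment check: list every USERID_ATTR value held by more than
    one entry. An empty list means every login ID resolves to one user."""
    attr = config["USERID_ATTR"]
    seen = {}
    for e in entries:
        for v in e.get(attr, []):
            seen.setdefault(v, []).append(e["dn"])
    return sorted(v for v, dns in seen.items() if len(dns) > 1)


if __name__ == "__main__":
    bank = {"USERID_ATTR": "account", "BINDING_ATTR": "cn"}
    # The Web login ID is the account number, as in the second example above.
    print(resolve_login(bank, DIRECTORY, "0098573532904"))
    # Using the friendly cn as the login attribute is unsafe in this directory.
    print(duplicated_userid_values({"USERID_ATTR": "cn"}, DIRECTORY))
```

Running the block resolves the account number to John Doe's DN and reports "John Doe" as a duplicated cn; with BINDING_ATTR=cn, adding that administrator by name would likewise be refused as ambiguous, which is the case to resolve in the directory before relying on cn for either attribute.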