On systems where the BINDING_ATTR value has been changed should the USERID_ATTR value also be changed?
Originally Published: 2004-01-16
Article Number
Applies To
RSA Mobile 1.5
Microsoft Windows 2000 Server SP3
Issue
Resolution
Some information regarding the definitions may be found on page 117 of the RSA Mobile 1.5 Planning Deployment and Installation guide, where it explains what the values are, but the true nature of the value may not be apparent.
RSA Mobile has the concept of a "userid", a value an end user types at a login screen when they visit a Web site protected by RSA Mobile. RSA Mobile needs to know how to find this value inside its datastore, and so has a mapping to some value in the store by means of the "USERID_ATTR".
It is very likely that the "cn" value you are creating users with in the directory server will match what you want for RSA Mobile login IDs. Therefore, it is correct that changing to "USERID_ATTR=cn" is a good idea. However, it is possible that in the directory server, users will look as follows:
dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
cn=John Doe
Surname=Doe
Firstname=John
uid=jdoe
Here, the directory server (and maybe other applications including the Administrator names in RSA Mobile) generate names with a "friendly" cn value. However, also notice that a uid value has been created by an administrator at the same time, specifically to set as "loginID" for any applications that want a short value.
As another example, lets say users will login using a back account number - you might have this:
USERID_ATTR=account
BINDING_ATTR=cn
And a user set up in the directory server like this:
dn: cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp
cn=John Doe
Surname=Doe
Firstname=John
account=0098573532904
So the directory server would see you as "cn=John Doe, ou=RSAMobileUsers, o=Acme Banking Corp". If you were an RSA mobile administrator, you would have been added as:
configtool ADMINFULLADMIN John Doe
But if you connected to a Web site, your userID on the Web page would be "0098573532904".
Related Articles
Important information on upgrading to Sentry CA 3.7 from a previous version. Number of Views Remove the attribute ID and attribute name appended to the user RADIUS attribute in RSA Authentication Manager 8.x Number of Views A device has changed from Unknown to a known device type and there is data that needs to be migrated. Number of Views How to create and manage Entitlement Attributes through the User Interface in RSA Identity Governance & Lifecycle Number of Views RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) command output parameters do not work if the attrib… Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
