Adapter attributes and object classes
Adapter attributes and object classes are required for customization, creating provisioning rules, and understanding what service/target attributes are supported by the adapter. The IBM® Security Identity server communicates with the adapter by using attributes, which are included in transmission packets that are sent over a network.
The combination of attributes, depends on the type of action that the IBM Security Identity server requests from the adapter.
| Attribute | Description | Permissions | Operating systems |
|---|---|---|---|
| erUid | Specifies the login name and user name. | Read and Write | AIX® Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixUid | Specifies the user ID. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixDupUid | Specifies that a non-unique ID can be assigned to the user. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixSudoersPath | Specifies the path to the sudoers file on the resource. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixSudoPrivileges | Specifies the sudo privileges for the user or group that is associated with the account. | Read | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixReturnSudoPrivileges | Specifies whether to return sudo privileges during account reconciliation. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPassword | Specifies the password for the account. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixForcePwdChange | Specifies whether the user is required to change the login password upon next login. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixMaxPwdAge | Specifies the maximum age for a password. | Read and Write | AIX Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixMinPwdAge | Specifies the minimum age for a password. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPwdMaxRepeats | Specifies the maximum repeated characters that are allowed in a password. | Read and Write | AIX Linux Shadow HP-UX-Trusted Solaris |
| erPosixPwdWarnAge | Specifies the age of a password before a message that warns the user about password expiration is sent. | Read and Write | AIX Linux Shadow HP-UX-Trusted Solaris |
| erPosixPwdLastChange | Specifies the date on which a password was last changed. | Read | Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixExpireDate | Specifies the date on which the account expires. | Read and Write | AIX Linux Shadow HP-UX-Nontrusted Solaris |
| erPosixIdleDays | Specifies the number of days the account can remain idle before the account is suspended. | Read and Write | HP-UX-Trusted Solaris |
| erPosixGecos | Specifies a descriptive comment for the user
account. Note: The back quotation mark character (ˋ) is not allowed.
|
Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPrimaryGroup | Specifies the primary group for the user. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixSecondGroup | Specifies the secondary groups for the user. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixHomeDir | Specifies the home directory for the user Note: The
back quotation mark character (ˋ) and the semicolon (;) are not allowed.
|
Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixDefaultHomeDir | Specifies to create a home directory while the account is created. This attribute does not apply to RHEL. | Read and Write | Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixNPAaccount | Specifies that the account has no password. | Read and Write | HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPerHomeDir | Specifies the permissions for the home directory. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixShell |
Specifies the login shell of the user. The default account shell in the picklist is changed from /bin/csh to /bin/sh on the account form. Any accounts created using the adapter will have the /bin/sh shell unless a different shell is explicitly selected. |
Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixUmask | Specifies the umask. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixLastAccessDate | Specifies the date on which the account was last accessed. | Read | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixAT | Specifies whether AT jobs are allowed. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixCron | Specifies whether CRON jobs are allowed. | Read and Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPwdMaxAge | Specifies the maximum amount of time that a password can be changed after the maximum password age. | Read and Write | AIX Linux Shadow HP-UX-Trusted |
| erPosixKillUserProcess | Specifies whether to end the user sessions when a suspend user request is processed. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixCopyAdpFilesTo | Specifies an alternative directory location to store the adapter scripts. The default location is /tmp. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPreExec | Specifies a user-defined command to run before a resource request. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPreExecRunOption | Specifies to run a resource request only if a pre-exec command succeeds. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPostExec | Specifies a user-defined command to run after a resource request. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixPostExecRunOption | Specifies to run a user-defined post-exec command only if the resource command succeeds. | Write | AIX Linux NonShadow Linux Shadow HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixAdminUser | Specifies whether the password belongs to an administrator. | Read and Write | AIX |
| erPosixAuth1 | Specifies the primary authorization methods for a user. | Read and Write | AIX |
| erPosixAuth2 | Specifies the secondary authorization methods for a user. | Read and Write | AIX |
| erPosixDaemonAllowed | Specifies whether the user is allowed to run daemon processes. | Read and Write | AIX |
| erPosixLoginRetries | Specifies the maximum number of unsuccessful logins that are allowed before the account is locked. | Read and Write | AIX Suse Linux HP-UX-Trusted HP-UX-Nontrusted Solaris |
| erPosixSuGroup | Specifies the groups whose members can use the su command to switch to this user. | Read and Write | AIX |
| erPosixAdmGroups | Specifies the groups for which the user is an administrator. | Read and Write | AIX |
| erPosixRoles | Specifies the roles that the user is assigned. | Read and Write | AIX |
| erPosixSuAllowed | Specifies whether another user can switch to this user with the su command. | Read and Write | AIX |
| erPosixRLoginAllowed | Specifies whether the user is allowed to log in remotely with the telnet or rlogin commands. | Read and Write | AIX |
| erPosixLoginAllowed | Specifies whether the user is allowed to log in to the system with the login command. | Read and Write | AIX |
| erAccountStatus | Specifies the status of the account. See Account status determination on AIX. | Read and Write | AIX |
| erPosixAuditClasses | Specifies the list of audit classes for a user. | Read and Write | AIX |
| erPosixSoftCore | Specifies the soft limit, any value less than the maximum, for the largest core file a user process can create. | Read and Write | AIX |
| erPosixHardCore | Specifies the largest core file a user process can create. | Read and Write | AIX |
| erPosixSoftCPU | Specifies the soft limit, any value less than the maximum, for the largest amount of system unit time a user process can use. The time is specified in seconds. | Read and Write | AIX |
| erPosixHardCPU | Specifies the largest amount of system unit time a user process can use. The time is specified in seconds. | Read and Write | AIX |
| erPosixSoftData | Specifies the soft limit, any value less than the maximum, for the largest data segment that a user process can contain. | Read and Write | AIX |
| erPosixHardData | Specifies the limit for the largest data segment that a user process can contain. | Read and Write | AIX |
| erPosixSoftFileSize | Specifies the soft limit, any value less than the maximum, for the largest file a user process can create. | Read and Write | AIX |
| erPosixHardFileSize | Specifies the limit for the largest file a user process can create. | Read and Write | AIX |
| erPosixLoginTimes | Specifies the days and times a user is allowed to log in. | Read and Write | AIX |
| erPosixSoftStack | Specifies the soft limit, any value less than the maximum, for the largest stack segment for a user process. | Read and Write | AIX |
| erPosixHardStack | Specifies the limit for the largest stack segment for a user process. | Read and Write | AIX |
| erPosixTrustedPath | Specifies the trusted path status of the user. | Read and Write | AIX |
| erPosixAuthGrammar | Specifies the user authentication method. | Read and Write | AIX |
| erPosixPwdMinAlphaChar | Specifies the minimum number of alphabetic characters in a password. | Read and Write | AIX |
| erPosixPwdMinOtherChar | Specifies the minimum number of non-alphabetic characters in a password. | Read and Write | AIX |
| erPosixPwdMinDiff | Specifies the minimum difference in characters that are allowed between passwords. | Read and Write | AIX |
| erPosixPwdMinLen | Specifies the minimum length for a password. | Read and Write | AIX |
| erPosixPwdCheck | Specifies whether to check the password in a dictionary. | Read and Write | AIX |
| erPosixPwdDiction | Specifies the dictionary files to check for the password. | Read and Write | AIX |
| erPosixPwdHistory | Specifies the number of passwords to be remembered before reuse. | Read and Write | AIX |
| erPosixPwdHistoryExpire | Specifies the number of weeks that must pass before the password history is erased. | Read and Write | AIX |
| erPosixValidTtys | Specifies the terminal types through which the user can log in. | Read and Write | AIX |
| erPosixRegistry | Specifies the registry to be used for authentication. | Read and Write | AIX |
| erPosixSoftRss | Specifies the soft limit, any value less than the maximum, for the largest amount of physical memory that can be allocated by a user process. This limit is not enforced by the system. | Read and Write | AIX |
| erPosixHardRss | Specifies the largest amount of physical memory that can be allocated by a user process. This limit is not enforced by the system. | Read and Write | AIX |
| erPosixSoftNoFiles | Specifies the soft limit, any value less than the maximum, for the number of file descriptors a user process can have open at one time. | Read and Write | AIX |
| erPosixHardNoFiles | Specifies the maximum number of file descriptors a user process can have open at one time. | Read and Write | AIX |
| erPosixHostsAllowedLogin | Specifies the workstations to which a user can log in. | Read and Write | AIX |
| erPosixerPosixHostsDeniedLogin | Specifies the workstations to which a user cannot log in. | Read and Write | AIX |
| erPosixDelUserInUse | Specifies whether to end the user processes when a delete account request is processed. | Read and Write | Linux NonShadow Linux Shadow |