Adapter attributes and object classes

Adapter attributes and object classes are required for customization, creating provisioning rules, and understanding what service/target attributes are supported by the adapter. The IBM® Security Identity server communicates with the adapter by using attributes, which are included in transmission packets that are sent over a network.

The combination of attributes, depends on the type of action that the IBM Security Identity server requests from the adapter.

Table 1. Account form attributes, descriptions, permissions, and applicable operating systems
Attribute Description Permissions Operating systems
erUid Specifies the login name and user name. Read and Write AIX®

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixUid Specifies the user ID. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixDupUid Specifies that a non-unique ID can be assigned to the user. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixSudoersPath Specifies the path to the sudoers file on the resource. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixSudoPrivileges Specifies the sudo privileges for the user or group that is associated with the account. Read AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixReturnSudoPrivileges Specifies whether to return sudo privileges during account reconciliation. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPassword Specifies the password for the account. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixForcePwdChange Specifies whether the user is required to change the login password upon next login. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixMaxPwdAge Specifies the maximum age for a password. Read and Write AIX

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixMinPwdAge Specifies the minimum age for a password. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPwdMaxRepeats Specifies the maximum repeated characters that are allowed in a password. Read and Write AIX

Linux Shadow

HP-UX-Trusted

Solaris

erPosixPwdWarnAge Specifies the age of a password before a message that warns the user about password expiration is sent. Read and Write AIX

Linux Shadow

HP-UX-Trusted

Solaris

erPosixPwdLastChange Specifies the date on which a password was last changed. Read Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixExpireDate Specifies the date on which the account expires. Read and Write AIX

Linux Shadow

HP-UX-Nontrusted

Solaris

erPosixIdleDays Specifies the number of days the account can remain idle before the account is suspended. Read and Write HP-UX-Trusted

Solaris

erPosixGecos Specifies a descriptive comment for the user account.
Note: The back quotation mark character (ˋ) is not allowed.
Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPrimaryGroup Specifies the primary group for the user. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixSecondGroup Specifies the secondary groups for the user. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixHomeDir Specifies the home directory for the user
Note: The back quotation mark character (ˋ) and the semicolon (;) are not allowed.
Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixDefaultHomeDir Specifies to create a home directory while the account is created. This attribute does not apply to RHEL. Read and Write Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixNPAaccount Specifies that the account has no password. Read and Write HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPerHomeDir Specifies the permissions for the home directory. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixShell

Specifies the login shell of the user.

The default account shell in the picklist is changed from /bin/csh to /bin/sh on the account form. Any accounts created using the adapter will have the /bin/sh shell unless a different shell is explicitly selected.

Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixUmask Specifies the umask. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixLastAccessDate Specifies the date on which the account was last accessed. Read AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixAT Specifies whether AT jobs are allowed. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixCron Specifies whether CRON jobs are allowed. Read and Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPwdMaxAge Specifies the maximum amount of time that a password can be changed after the maximum password age. Read and Write AIX

Linux Shadow

HP-UX-Trusted

erPosixKillUserProcess Specifies whether to end the user sessions when a suspend user request is processed. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixCopyAdpFilesTo Specifies an alternative directory location to store the adapter scripts. The default location is /tmp. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPreExec Specifies a user-defined command to run before a resource request. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPreExecRunOption Specifies to run a resource request only if a pre-exec command succeeds. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPostExec Specifies a user-defined command to run after a resource request. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixPostExecRunOption Specifies to run a user-defined post-exec command only if the resource command succeeds. Write AIX

Linux NonShadow

Linux Shadow

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixAdminUser Specifies whether the password belongs to an administrator. Read and Write AIX
erPosixAuth1 Specifies the primary authorization methods for a user. Read and Write AIX
erPosixAuth2 Specifies the secondary authorization methods for a user. Read and Write AIX
erPosixDaemonAllowed Specifies whether the user is allowed to run daemon processes. Read and Write AIX
erPosixLoginRetries Specifies the maximum number of unsuccessful logins that are allowed before the account is locked. Read and Write AIX

Suse Linux

HP-UX-Trusted

HP-UX-Nontrusted

Solaris

erPosixSuGroup Specifies the groups whose members can use the su command to switch to this user. Read and Write AIX
erPosixAdmGroups Specifies the groups for which the user is an administrator. Read and Write AIX
erPosixRoles Specifies the roles that the user is assigned. Read and Write AIX
erPosixSuAllowed Specifies whether another user can switch to this user with the su command. Read and Write AIX
erPosixRLoginAllowed Specifies whether the user is allowed to log in remotely with the telnet or rlogin commands. Read and Write AIX
erPosixLoginAllowed Specifies whether the user is allowed to log in to the system with the login command. Read and Write AIX
erAccountStatus Specifies the status of the account. See Account status determination on AIX. Read and Write AIX
erPosixAuditClasses Specifies the list of audit classes for a user. Read and Write AIX
erPosixSoftCore Specifies the soft limit, any value less than the maximum, for the largest core file a user process can create. Read and Write AIX
erPosixHardCore Specifies the largest core file a user process can create. Read and Write AIX
erPosixSoftCPU Specifies the soft limit, any value less than the maximum, for the largest amount of system unit time a user process can use. The time is specified in seconds. Read and Write AIX
erPosixHardCPU Specifies the largest amount of system unit time a user process can use. The time is specified in seconds. Read and Write AIX
erPosixSoftData Specifies the soft limit, any value less than the maximum, for the largest data segment that a user process can contain. Read and Write AIX
erPosixHardData Specifies the limit for the largest data segment that a user process can contain. Read and Write AIX
erPosixSoftFileSize Specifies the soft limit, any value less than the maximum, for the largest file a user process can create. Read and Write AIX
erPosixHardFileSize Specifies the limit for the largest file a user process can create. Read and Write AIX
erPosixLoginTimes Specifies the days and times a user is allowed to log in. Read and Write AIX
erPosixSoftStack Specifies the soft limit, any value less than the maximum, for the largest stack segment for a user process. Read and Write AIX
erPosixHardStack Specifies the limit for the largest stack segment for a user process. Read and Write AIX
erPosixTrustedPath Specifies the trusted path status of the user. Read and Write AIX
erPosixAuthGrammar Specifies the user authentication method. Read and Write AIX
erPosixPwdMinAlphaChar Specifies the minimum number of alphabetic characters in a password. Read and Write AIX
erPosixPwdMinOtherChar Specifies the minimum number of non-alphabetic characters in a password. Read and Write AIX
erPosixPwdMinDiff Specifies the minimum difference in characters that are allowed between passwords. Read and Write AIX
erPosixPwdMinLen Specifies the minimum length for a password. Read and Write AIX
erPosixPwdCheck Specifies whether to check the password in a dictionary. Read and Write AIX
erPosixPwdDiction Specifies the dictionary files to check for the password. Read and Write AIX
erPosixPwdHistory Specifies the number of passwords to be remembered before reuse. Read and Write AIX
erPosixPwdHistoryExpire Specifies the number of weeks that must pass before the password history is erased. Read and Write AIX
erPosixValidTtys Specifies the terminal types through which the user can log in. Read and Write AIX
erPosixRegistry Specifies the registry to be used for authentication. Read and Write AIX
erPosixSoftRss Specifies the soft limit, any value less than the maximum, for the largest amount of physical memory that can be allocated by a user process. This limit is not enforced by the system. Read and Write AIX
erPosixHardRss Specifies the largest amount of physical memory that can be allocated by a user process. This limit is not enforced by the system. Read and Write AIX
erPosixSoftNoFiles Specifies the soft limit, any value less than the maximum, for the number of file descriptors a user process can have open at one time. Read and Write AIX
erPosixHardNoFiles Specifies the maximum number of file descriptors a user process can have open at one time. Read and Write AIX
erPosixHostsAllowedLogin Specifies the workstations to which a user can log in. Read and Write AIX
erPosixerPosixHostsDeniedLogin Specifies the workstations to which a user cannot log in. Read and Write AIX
erPosixDelUserInUse Specifies whether to end the user processes when a delete account request is processed. Read and Write Linux NonShadow

Linux Shadow