LDAP attributes

<< Click to Display Table of Contents >>

Navigation:  Bizagi Studio > Security definition > Work Portal Security > Authentication > LDAP Authentication > Importing LDAP Users >

LDAP attributes

The following article presents a brief description of common LDAP attributes.

Such attributes can be mapped directly into Bizagi's WFUser System Entity's attributes through the LDAP synchronization feature.

For more information about this feature, refer to Importing LDAP Users.

 

Refer to the table below to view how to address attributes in your LDAP Server as information possibly useful in your Bizagi end users.

For further and official information about LDAP attributes and the filtering possibilities, refer to Microsoft guides at http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx.

 

LDAP Attribute (alphabetically)

Description / example

c

Stands for country or region.

Most likely to contain a two-letter ISO country code.

Example: c=DE

cn

Stands for common name.

Composed from the givenName attribute, concatenated to the SN attribute.

Example: CN=Guy Thomas.

company

Stands for Company (or organization name).

description

The description seen in LDAP Users and Computers.

Not to be confused with displayName.

displayName

If you script this property, be sure you understand which field you are configuring.

Often, displayName can be confused with CN or description.

dc

Stands for domain component, which means that this string holds one component, a label of a DNS domain name.

Example: DC=cp, DC=com

dn

Stands for distinguished name.

Composed from the CN attribute and additional organization information.

Example: CN=Guy Thomas, OU= Newport,DC=cp,DC=com

givenName

Refers to the Firstname.

Example: givenName=Guy

name

The same as CN.

objectCategory

Defines the Schema category.

Example: objectClass=Person

objectClass

Also used for Computer, organizationalUnit, even container. Important top level container.

Example: objectClass=User.

ou

Defines the Organizational unit.

Example: OU=Newport

physicalDeliveryOfficeName

Defines the Office on the user's General property sheet.

sAMAccountName

Old NT 4.0 logon name, must be unique in the domain.

Can be confused with CN.

Example: sAMAccountName=guyt

sn

Stands for surname (or last name).

Example: SN=Thomas.

st

Contains the State or province.

Example: ST=California.

street

Contains the address (first line).

Example: street=15 Main St.

telephoneNumber

Contains phone numbers (it is multi-valued).

Example: telephoneNumber=+1 234 567 8901

userAccountControl

Used to disable an account.

A value of 514 disables the account, while 512 makes the account ready for logon.

userPrincipalName

Often abbreviated to UPN, and looks like an email address. Very useful for logging on especially in a large Forest. Note UPN must be unique in the forest.

Example: userPrincipalName=guyt@CP.com

 

 

 

Refer to the table below to view other attributes which are found in Exchange:

 

Exchange Attribute

Description

homeMDB

Here is where you set the MailStore

legacyExchangeDN

Legacy distinguished name for creating Contacts. In the following example, Guy Thomas is a Contact in the first administrative group of GUYDOMAIN: /o=GUYDOMAIN/ou=first administrative group/cn=Recipients/cn=Guy Thomas

mail

An easy, but important attribute.

A simple SMTP address is all that is required billyn@ourdom.com

mailNickname

Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail enabled contacts.

mDBUseDefaults

Another straightforward field, just the value to:True

msExchHomeServerName

Exchange needs to know which server to deliver the mail. Example:

/o=YourOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MailSrv

proxyAddresses

As the name 'proxy' suggests, it is possible for one recipient to have more than one email address. Note the plural spelling of proxyAddresses.

targetAddress

SMTP:@ e-mail address.  Note that SMTP is case sensitive.

All capitals means the default address.

showInAddressBook

Displays the contact in the Global Address List.