LDAP AD schema of integration data

The integration data schema defines what data is imported within the LDAP AD integration. In this section:

  • Account
    • Mandatory and available on Creation \ Update
    • Other account properties
  • Resource Types
    • LdapServer
  • Permission Type

Account

The user class objects are imported from LDAP AD and displayed as Account objects in ObserveID. The attributes of the user class are displayed as Additional Properties objects of the Account. There are two types of Additional Properties of LDAP AD Accounts: built-in Additional Properties, which exist in LDAP AD by default, and custom Additional Properties, which are created by the user in LDAP AD. The account schema below describes only the built-in properties.

Some Additional Properties can be required when an account is created, which often reflects the requirements of the Target system. Other Additional Properties are allowed and, if needed, can be set for an account when it is created. This information is displayed in the On Creation column. There are also Additional Properties that are allowed to be updated with the Identities Update workflow. Whether an Additional Property can be updated is displayed in the On Update column.

Mandatory and available on Creation \ Update

| Account Property | Type | Description | Provisioning Rule | On Creation | On Update |
|---|---|---|---|---|---|
| Country Code | String | Country/region code for the user's language of choice. | Set | Allowed | Allowed |
| Department | String | Name for the department in which the user works. | Set | Allowed | Allowed |
| description | String | | Set | Allowed | Allowed |
| displayName | String | Display name for an object. This is usually the combination of the user's first name, middle initial, and last name. | Set | Allowed | Allowed |
| employeeNumber | String | | Set | Allowed | Allowed |
| employeeType | String | | Set | Allowed | Allowed |
| givenName | String | Given name (first name) of the user. | Set | Required | Allowed |
| Manager | String | Distinguished name of the user who is the user's manager. | Set | Allowed | Allowed |
| Name | String | Name of the user. When provisioning from ObserveID, Name and sAMAccountName are set to the same unique value. | Set | Required | Allowed |
| o | Strings | | Set | Allowed | Allowed |
| objectClass | Strings | Classes from which this class is derived. | Set | Required | Not supported |
| objectType | String | | Set | Allowed | Allowed |
| ou | Strings | | Set | Allowed | Allowed |
| preferredServer | String | | Set | Allowed | Allowed |
| primaryGroupDN | String | | Set | Allowed | Allowed |
| sn | String | | Set | Required | Not supported |
| title | Strings | | Set | Allowed | Allowed |

Other account properties

Other account properties represent information that comes from the target ‘as is’.

| Account Property | Type | Description | Provisioning Rule | On Creation | On Update |
|---|---|---|---|---|---|
| Account Expires | DateTime | Date when the account expires. | n/a | n/a | n/a |
| cn | String | | n/a | n/a | n/a |
| distinguishedName | String | | n/a | n/a | n/a |
| Last Logon | DateTime | | n/a | n/a | n/a |
| Last Logon Timestamp | DateTime | | n/a | n/a | n/a |
| objectguid | String | | n/a | n/a | n/a |
| objectSid | String | | n/a | n/a | n/a |
| Password Last Set | DateTime | | n/a | n/a | n/a |
| sAMAccountName | String | Enforced uniqueness of the user name. | n/a | n/a | n/a |
| uid | Strings | | n/a | n/a | n/a |
| When Changed | DateTime | Date when this object was last changed. | n/a | n/a | n/a |
| When Created | DateTime | Date when this object was created. | n/a | n/a | n/a |

Resource Types

The resource objects are imported from LDAP AD and displayed as the resources of the LDAP AD integration in ObserveID. Each resource is represented with a resource type. The attributes of the resource are displayed in ObserveID as Additional Properties of a resource according to the resource type.

LdapServer

| Resource Property | Type | Description |
|---|---|---|
| Name | String | Name is taken from the Address field of the integration configuration. |

Permission Type

The group class objects are imported from LDAP and displayed as the Group permission type objects in ObserveID. The attributes of the group class are displayed as Additional Properties objects of the Group permission type.

| Permission Property | Type | Description |
|---|---|---|
| Description | String | Description of the group. |
| MemberOf | Strings | Users assigned to the group. |