Identify which attributes should be used for ConnID attributes:
UID
-
A single-valued attribute that represents the unique identifier of an object within the name-space of the target resource. If possible, this unique identifier also should be immutable. When an application creates an object on a target resource, the create operation returns as its result the Uid of the created object.
NAME
-
A single-valued attribute that represents the user-friendly identifier of an object on a target resource. For instance, the name of an Account will most often be its loginName. The value of Name need not be unique within ObjectClass. In LDAP, for example, the Name could be the Common Name (CN). Contrast this with Uid, which is intended to be a unique identifier (and, if possible, immutable)
ENABLE
-
Gets/ sets the enable status of an object.
ENABLE_DATE
-
Gets/ sets the enable date for an object.
LOCK_OUT
-
Gets/ sets the lock out attribute for an object.
PASSWORD_EXPIRATION_DATE
-
Gets/ sets the password expired for an object.
PASSWORD
-
Normally this is a write-only attribute. Sets the password for an object.
FORCE_PASSWORD_CHANGE
-
Gets/ sets flag that forces immediate password change by the user (e. g. during next log on). This can be used to set temporary password and the force user to change it to a permanent password.
SHORT_NAME
-
Attribute that should hold a reasonable value for an application to display as a label for an object. If
SHORT_NAME
is not present, then the application should use the value of theNAME`
attribute as a label. DESCRIPTION
-
Attribute that should hold the value of the object’s description, if one is available.
LAST_PASSWORD_CHANGE_DATE
-
Read-only attribute that shows the last date/ time the password was changed.
PASSWORD_CHANGE_INTERVAL
-
Common password policy attribute where the password must be changed every so often.
LAST_LOGIN_DATE
-
Last login date for an account. This is usually used to determine inactivity.