Customize Attribute Settings - No Changes

Hello Guys,

i am still learning to manage Access Rights Manager. I would like to customize the AD attributes, especially the IsRequired option, but it does not work yet.

Currently i am able to create a user account, even when i dont type in a givenname or sn, so the IT department wants to force the employees to type in a givenname and a sn.

Now i looked into the Administration guide and it says, that i have to edit the pnServer.config.xml

the example in the administration guide says:

<streetAddress>

   <IsRequired type="System.String">true</IsRequired>

</streetAddress>

So i edited my pnserver.config.xml with notepad ++ and typed in the following:

<givenname>

  <IsRequired type="System.String">true</IsRequired>

</givenname>

I typed it in under the <credentials> part, where my domain, service account is shown.

After this, i saved the xml file and restarted the ARM Service.

When i open the ARM Console now (not the Webclient), i am still able to create a user account, even when i dont type in any givenname. in Active Directory the account does not have a givenname then.

So what am i doing wrong? I dont have configured any templates yet and my pnserver.config file was default.

Hope u guys can give me some advice.

Thanks!

  • Hi Leo, the credentials tag is not the right place for this configuration. 

    Here is an example config for some context:

    <config>
    <changeConfiguration>
    <activeDirectory>
    <PropertiesToLoad type="System.String">lockoutTime;streetAddress;postalCode;l;telephoneNumber;proxyAddresses;thumbnailphoto;wWWHomePage;jpegphoto</PropertiesToLoad>
    <PropertiesDetails>
    <proxyAddresses>
    <AliasDisplayName type="System.String">proxyAddressesMV</AliasDisplayName>
    <TypeInfo type="System.String">System.String[]</TypeInfo>
    <AttributeEditType type="System.String">StringMultiValue</AttributeEditType>
    <IsChangeable type="System.String">true</IsChangeable>
    </proxyAddresses>
    <l>
    <AliasDisplayName type="System.String">Ort</AliasDisplayName>
    <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
    <Essential type="System.String">true</Essential>
    <DefinedValues type="System.String">Berlin;Cork;Brno;Austin</DefinedValues>
    </l>
    <postalCode>
    <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
    <DefinedValues type="System.String">10456;T12;64802;78708</DefinedValues>
    <Essential type="System.String">true</Essential>
    </postalCode>
    <streetAddress>
    <AllowOnlyDefinedValues type="System.String">true</AllowOnlyDefinedValues>
    <DefinedValues type="System.String">Hauptstraße 45;Main Street 23;Mozartova 8;Main Avenue 71</DefinedValues>
    <Essential type="System.String">true</Essential>
    </streetAddress>
    <telephoneNumber>
    <CreationRule type="System.String">+49 12345 678-</CreationRule>
    </telephoneNumber>
    <thumbnailphoto>
    <IsChangeable type="System.String">false</IsChangeable>
    <IsInitialConfigurable type="System.String">false</IsInitialConfigurable>
    <AliasDisplayName type="System.String">Foto</AliasDisplayName>
    </thumbnailphoto>
    <jpegphoto>
    <IsChangeable type="System.String">false</IsChangeable>
    <IsInitialConfigurable type="System.String">false</IsInitialConfigurable>
    <AliasDisplayName type="System.String">Foto Alternativ</AliasDisplayName>
    </jpegphoto>
    </PropertiesDetails>
    </activeDirectory>
    </changeConfiguration>

    ...

    </config>

    Note that "<Essential..." is the same as "<IsRequired...".

    Depending on your scenario it might make more sense to just create a custom template instead of trying to configure the default templates to your liking.