Environment
Self Service Password Reset 4.4
Situation
SSPR New User Registration creates user objects with random values.
The ability to force user object names to specific values is needed.
Resolution
Follow the steps below to set up New User Registration with user-supplied information.
1. Enable the New User Registration module.
2. Configure New User Registration settings. By default the user is prompted for their email address, first name, and last name. Note the attributes in the LDAP directory.
In this example we are pointing to an Active Directory server. With other LDAP types the attributes may be different.
3. By default the new user registration process will create a user with a random name to ensure no duplicates are generated. In cases where you want to use the information provided by the user, the settings will need to be adjusted.
In this example we will change the default behavior to create the user with their first name followed by the last name. Modify the setting LDAP Entry ID Definition to represent the value you would like for the user name object in the LDAP directory.
Use macros to define the value. Here we use two macros, (@LDAP:givenName@) and (@LDAP:sn@). This results in the user object being named with what the user typed into the First Name and Last Name fields of the new user form, for example TestUser.
Also note that the setting LDAP Entry ID references the LDAP Naming Attribute defined in the LDAP profile. (LDAP ⇨ LDAP Directories ⇨ [profile] ⇨ User Attributes ⇨ LDAP Naming Attribute)
4. By default SSPR will create a random object ID to use as the pre-Windows 2000 logon name. To have SSPR resolve this issue we need to create a post LDAP action to rename this value to the desired name.
We first need to identify the attribute that needs to be modified.
In the screenshot below we used SLAnalyzer's LDAP browser to read the attributes of a newly created user. We find that the attribute name is samaccountname.
Note: SLAnalyzer is a diagnostic tool provided by Micro Focus technical support and can be downloaded from ftp://ftp.novell.com/pub/SLAnalyzer/SLAnalyzer.exe
5. Now we need to create the post LDAP action. Click the Add Action button under the New User Actions section. Name the action with a meaningful name.
In our example we use RenameUser.
6. Now we need to define the action to be taken. Click the Actions button. Select the option Add LDAP Action and then enter the attribute and value you want.
Note: make sure you set the Operation Type to Replace (Remove all existing values).
With these changes in place we can see the user is created with the desired account name. (first name + last name)
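Because the random name in steps 3 and 4 existed to avoid duplicates, a user-supplied name should be checked before it is relied on. The Python sketch below is an added example, not part of the original article and not SSPR code: it models the @LDAP:givenName@@LDAP:sn@ definition and tests the result against Active Directory's sAMAccountName rules. The expand function is a simplified stand-in for SSPR's macro handling, and the form values and existing-name set are constructed samples.

```python
import re

# Characters Active Directory rejects in sAMAccountName.
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')
SAM_MAX_LEN = 20  # limit for user objects

MACRO = re.compile(r"@LDAP:([A-Za-z0-9-]+)@")


def expand(definition, form):
    """Simplified model of macro expansion (assumption, not SSPR's code):
    replace each @LDAP:attr@ with the value typed for that attribute."""
    return MACRO.sub(lambda m: form.get(m.group(1), ""), definition)


def check_account_name(definition, form, existing):
    """Return (name, problems) for the name the definition would produce."""
    name = expand(definition, form)
    problems = []
    if not name.strip():
        problems.append("empty")
    if len(name) > SAM_MAX_LEN:
        problems.append("too long")
    if SAM_FORBIDDEN & set(name):
        problems.append("forbidden character")
    if name.endswith("."):
        problems.append("trailing period")
    # AD compares sAMAccountName case-insensitively.
    if name.lower() in {e.lower() for e in existing}:
        problems.append("duplicate")
    return name, problems


if __name__ == "__main__":
    definition = "@LDAP:givenName@@LDAP:sn@"
    existing = {"testuser", "jsmith"}  # constructed sample directory content
    samples = [  # constructed form submissions
        {"givenName": "Test", "sn": "User"},
        {"givenName": "Alex", "sn": "Doe"},
        {"givenName": "Maximilian", "sn": "Featherstonehaugh"},
        {"givenName": "Ann", "sn": "O=Neil"},
    ]
    for form in samples:
        print(check_account_name(definition, form, existing))
```

In a real deployment the existing-name set would come from a directory search on samaccountname rather than a hard-coded set.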