Contents x
    Global Attribute List
    • 26 Jun 2023
    • 3 Minutes to read
    • Print
    • Dark
      Light
    Contents

    Global Attribute List

    • Updated on 26 Jun 2023
    • 3 Minutes to read
    • Print
    • Dark
      Light
    Article Summary

    Global Attribute List

    The Global Attribute List (GAL) defines LDAP attributes used in various places within the RapidIdentity UI, and adds type constraints that affect the behavior of RapidIdentity when it interacts with the values of these attributes.

    To view and/or edit the GAL, navigate to Configuration > Systems > Metadirectory > Global Attribute List

    image.png

    GAL Table Columns

    Column NameDescription
    (Checkbox)Select this checkbox to select a specific GAL item. A list of available Actions will display in the bottom Action Menu
    EllipsisDisplays Actions that can be performed for the attribute, Details or Delete
    LDAP AttributeThe LDAP Attribute name
    SearchableWhether this attribute may be included in various basic LDAP searches performed by RapidIdentity
    Allow Multiples ValuesWhether the attribute should be allowed to have multiple values.

    NOTE: LDAP attributes that are defined as single-valued in the directory schema should never be allowed to have multiple values.
    Global FilterDeprecated
    TypeFormat of the attribute. More information on these is provided in GAL Attribute Types.

    Attribute Details

    Click the Ellipsis and select Details to view or edit attribute information

    image.png

    GAL Attribute Types

    When setting up an Attribute in the Global Attribute List, you will need to define an Attribute Type. These provide a level of detail that associates attributes with various forms of validation and display formats. The Attribute Type selected needs to align with the associated directory attribute value.

    Note:

    If a directory attribute is expecting a DN type, make sure you select the DN type for that attribute in the GAL to avoid having issues later on. The GAL does not value the types and requires awareness of the underlying directory schema configuration.

    Boolean: The attribute can be set as TRUE, FALSE. Some cases allow NULL, which is equivalent to FALSE.

    Date: Stores a Date value as a timestamp in ISO-8601 date string format (Example: 2020-10-31).

    Date (Legacy): Stores a DateTime value as a timestamp in milliseconds, as recognized by various programming languages (Example: 1604352328032). (Not recommended - use DateTime or Date instead.)

    Date Time: Stores a DateTime value as a timestamp in ISO-8601 date string format. This includes a Time component to add to the Date component (Example: 20201031152521Z)

    DN: The full Distinguished Name. This aligns with directory attributes that expect to have a DN value stored. If you create a GAL item with this type and try to store a string instead of the DN for a user, you will get an LDAP error.

    Note:

    This attribute has an additional, optional configuration: When you select a DN type, a new field appears in the configuration called Display Template. This allows administrators to formally define how this value is presented in the UI. These allow a DN (e.g., cn=4ed4f8cd-7dd6-4ae3-bde6-0c64a60a6a50,ou=Employees,ou=Workforce,ou=Internal,ou=Accounts,dc=meta) to be replaced with one or more values like first and last name (e.g., Display Template =%givenName% %sn% and transformed value John Smith). Display Template syntax will vary by directory type.

    Email Address: An email address.

    Note:

    Selecting this attribute type makes that attribute value clickable in the UI and enables the sendto: capability for launching an email client.

    Dynamic List: List typically populated via a Connect Action Set that allows for dynamic data. See Configuring a Dynamic List Attribute for more details.

    List: Static list of key-value pairs that are defined when the GAL item is created.

    String: Any characters needed to satisfy the requirement.

    Note:

    This attribute type uses a text field and may constrains the displayed value based on the LDAP directory's configuration of the specific associated LDAP attribute. This is not recommended for attributes with long descriptions.

    Multi-Line String: Multiple lines of string types are allowed in this attribute.

    Note:

    This attribute type provides a better display handling of attributes with lots of text, as it does not constrain displayed values like the String type does. It also enables word wrap in a text area when editing.

    Password: This value is stored encrypted in the directory.

    Phone Number: This value represents a phone number and formats accordingly, i.e., (XXX) YYY-ZZZZ.

    Null: Represents a null value.

    Note:

    This attribute type is used in areas where a GAL item must be selected but has no value.

    Was this article helpful?
    Related articles
    What's Next