Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

System attributeDescription
sAMAccontNameIs automatically be mapped. It is internally mapped to role name or account name, without further customization
accountExpres

Sets the last date (in nanoseconds since 1600) in which the account will be valid. A common mapping expression is:

if ( attributes {"expirationDate"} == null)

   return 9223372036854775807L;

else

   return attributes{"expirationDate"}.getTime() * 10000L + 116445528000000000L;

samAccountTypeCan be used to identify distribution lists. A value of 268435457 or 268435456 means the AD group is a distribution list group rather than a security group.
lastLogon

Attribute can be used to get the last time an account was used. Soffid attribute is named lastLogin and a right mapping could be the following one. Mind when you make a reference to lastLogon attribute, each and every domain controller is queried about this attribute, as its value is not replicated across AD controllers:


if ( lastLogon == null || lastLogon == void) return null;
Long v = Long.decode(lastLogon);
v = v / 10000000L;
v-=11644473600L;
return new Date(v*1000);

=>

lastLogin

Info

For more information about how you may configure attribute mapping, see the following link: Soffid Attribute Mapping Reference

...