Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


System attributeDescription
sAMAccontNameIs automatically be mapped. It is internally mapped to role name or account name, without further customization

Sets the last date (in nanoseconds since 1600) in which the account will be valid. A common mapping expression is:

if ( attributes {"expirationDate"} == null)

   return 9223372036854775807L;


   return attributes{"expirationDate"}.getTime() * 10000L + 116445528000000000L;

samAccountTypeCan be used to identify distribution lists. A value of 268435457 or 268435456 means the AD group is a distribution list group rather than a security group.

Attribute can be used to get the last time an account was used. Soffid attribute is named lastLogin and a right mapping could be the following one. Mind when you make a reference to lastLogon attribute, each and every domain controller is queried about this attribute, as its value is not replicated across AD controllers:

if ( lastLogon == null || lastLogon == void) return null;
Long v = Long.decode(lastLogon);
v = v / 10000000L;
return new Date(v*1000);




For more information about how you may configure attribute mapping, see the following link: Soffid Attribute Mapping Reference