ID Generation

The ID Generation feature enables you to automatically generate user or group IDs for new users or groups on the Subscriber channel. The user or group ID is a unique number that identifies the user or group to the host UNIX system.

A range for ID generation can be configured in the driver parameter. The driver generates IDs based on the minimum and maximum value provided in the range for add events only. If the driver fails and is restarted, the ID generated will be an increment of the previous value. During subsequent driver startups, if there is a change in the specified range, the driver generates IDs based on the new range.

:   Only a single driver must be configured for ID generation of a UID or GID for a particular user or group.

To configure ID Generation for users or groups during the driver startup:

  1. Use the steps in Setting Up the Driver. Select Yes for Steps 17 and 23 while setting up the driver.

To configure ID generation for users or groups while a driver is running:

  1. Select the driver in the driver set.

  2. Select the Driver Parameters tab.

  3. Specify Yes for Allow UID Generation.

  4. Specify Yes for Allow GID Generation.

  5. Edit the Create Rule policy of the Subscriber channel to replace the following line for user ID generation: 

    <do-veto-if-op-attr-not-available name="uidNumber"/>

    with 

    <!--<do-veto-if-op-attr-not-available name="uidNumber"/>-->

  6. Replace the following line in the class-name=group for group ID generation:

    <do-veto-if-op-attr-not-available name="gidNumber"/>

    with

    <!--<do-veto-if-op-attr-not-available name="gidNumber"/>-->

    :  This makes the uidNumber and gidNumber non-mandatory attributes in the Create Rule.

  7. Click Apply and Close.

  8. Attach the Account Restrictions policy as the Next Transformation of Matching Rule.

To remove the configuration settings for user or group ID generation:

  1. Select the driver in the driver set.

  2. Select the Driver Parameters tab.

  3. Specify No for Allow UID Generation.

  4. Specify No for Allow GID Generation.

  5. Replace the following line for user ID generation: 

    <!--<do-veto-if-op-attr-not-available name="uidNumber"/>-->

    with 

    <do-veto-if-op-attr-not-available name="uidNumber"/>

  6. Replace the following line for group id generation:

    <!--<do-veto-if-op-attr-not-available name="gidNumber"/>-->

    with

    <do-veto-if-op-attr-not-available name="gidNumber"/>

  7. Click Apply and Close.

  8. Attach the Account Restrictions policy as the Next Transformation of Event Restrictions.