LDAP equivalent for Novell eDirectory type 'STREAM' attribute

  • 7018327
  • 28-Nov-2016
  • 29-Nov-2016

Environment

NetIQ Access Manager 4.x
NetIQ eDirectory 8.x

Situation

When implementing a User Store for OAuth 2.0 / OpenID Connect in NetIQ Access Manager 4.x with a 3rd party LDAP server, an attribute to store the user's consent (authorization grant) may have to be defined. When NetIQ eDirectory is the LDAP server, this is an attribute of type 'stream'.

See the Access Manager Admin Guide, Chapter 5 "Configuring OAuth and OpenID Connect", section "Extending a User Store for OAuth 2.0 Authorization Grant Information":

Access Manager OAuth 2.0 implementation stores the information about a client application, which a user authorizes to access attributes and resources. This information is unique per user. So, you need to store it as part of a User Object in the user store. If you already have an attribute, you can use it in Authorization Grant LDAP Attribute while defining Global Settings.
If a free attribute is not available, then extend the User Object schema to add a new single-valued stream attribute with a name. Access Manager will store an XML object in this attribute for each user authorization.

Resolution

The eDirectory attribute syntax 'stream' has the OID (Object Identifier) 1.3.6.1.4.1.1466.115.121.1.5. In the LDAP attribute syntax definitions of RFC 2252 (https://www.ietf.org/rfc/rfc2252.txt), this syntax is named 'Binary'. When extending the schema of a 3rd party LDAP server, define the single-valued attribute with this syntax OID.
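As an added example (not part of this TID), this is how the equivalent attribute could be declared on an OpenLDAP server through its cn=config schema, using the syntax OID above. The attribute name 'oauthGrantInfo', the auxiliary object class 'oauthGrantUser' and the OID arc 1.3.6.1.4.1.99999 are placeholders, not values from the page; replace the arc with your organisation's registered private enterprise number.

```ldif
# Added example, not from the TID or the Access Manager documentation.
# Declares a single-valued attribute with LDAP syntax 1.3.6.1.4.1.1466.115.121.1.5
# ('Binary' in RFC 2252, the counterpart of eDirectory's 'stream' type), plus an
# auxiliary object class so the attribute may be added to existing user entries.
# 1.3.6.1.4.1.99999.* is a placeholder OID arc; names are placeholders as well.
dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'oauthGrantInfo'
  DESC 'Access Manager OAuth 2.0 authorization grant XML, one per user'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
  SINGLE-VALUE )
-
add: olcObjectClasses
olcObjectClasses: ( 1.3.6.1.4.1.99999.1.2 NAME 'oauthGrantUser'
  DESC 'Auxiliary class that permits oauthGrantInfo on user entries'
  SUP top AUXILIARY
  MAY ( oauthGrantInfo ) )
```

Apply it as the config administrator (for example `ldapmodify -Y EXTERNAL -H ldapi:/// -f oauth-grant-schema.ldif`), then add the objectClass 'oauthGrantUser' to each user entry and reference 'oauthGrantInfo' as the Authorization Grant LDAP Attribute in the Access Manager Global Settings. Before rolling this out, confirm that the target server accepts this syntax OID and how it expects values of this syntax to be transferred and encoded, because that differs between LDAP implementations and is not covered by this TID.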

Cause

A 3rd party LDAP server is used instead of NetIQ eDirectory, and that server has no attribute type named 'stream', so the required attribute cannot be defined by that name.