Configuring One-to-One Attribute Maps

A one-to-one map enables you to map single-value and multiple-value LDAP attribute names to standard Liberty attributes. A default one-to-one attribute map is provided with Access Manager, but you can also define your own.

An example of a one-to-one attribute map might be the single-valued Liberty attribute Common Name (CommonName) used by the Personal Profile that is mapped to the LDAP attribute givenName. You can further configure the various Liberty values to map to any LDAP attribute names that you use.

  1. Click Devices > Identity Servers > Edit > Liberty > LDAP Attribute Mapping > New > One to One.

  2. Specify the following details:

    Type: Displays the type of mapping you are modifying or creating.

    Name: The name you want to give the map.

    Description: A description of the map.

    Access Rights: If you set this to Read/Write, you can specify rights for individual data items.

    For user provisioning to succeed, you must select Read/Write for any maps that use an attribute during user provisioning.

    User Stores: The user stores that a map applies to. If a user logs in to a user store that is not in the map’s user store list, that map is not used to read or write attributes for that user.

  3. Use the following guidelines to configure the map:

  4. Click Finish > OK.

  5. Update Identity Server.

Mapping Personal Profile Single-Value Data Items to LDAP Attributes

The data items displayed are single-value Liberty Personal Profile attributes that you can map to the single-valued LDAP attributes that you have defined for your directory.


Mapping Personal Profile Multiple-Value Data Items to LDAP Attributes

Use this page to map multiple-value attributes from the Liberty Personal Profile to the multiple-value LDAP attributes defined for your directory. For example, map the Liberty attribute Alternate Every Day Name (AltCN) to the LDAP attribute you have defined for this purpose in your directory.


Mapping Employee Profile Single-Value Data Items to LDAP Attributes

Map the Liberty Employee Profile single-value attributes to the LDAP attributes you have defined in your directory for entries such as ID, Date of Hire, Job Start Date, Department, and so on.

Mapping Employee Profile Multiple-Value Data Items to LDAP Attributes

Map Liberty Employee Profile multiple-value attributes to LDAP attributes defined in your directory.

Mapping Custom Profile Single-Value Data Items to LDAP Attributes

Map custom Liberty profile single-value attributes to LDAP attributes you have defined in your directory. These attributes are customizable strings associated with the Custom Profile.


Customizable String (1 - 10): The Custom Profile allows custom single-value and multiple-value attributes to be defined without using the Data Model Extension XML to extend a service’s schema. To use a customizable attribute, navigate to the Custom Attribute Names tab on the Custom Profile Details page (see Customizing Attribute Names). Use the page to customize the name of any of the predefined single-value or multiple-value customizable attributes in the Custom Profile. After you customize a name, you can use that attribute in the same way you use any other profile attribute.

Mapping Custom Profile Multiple-Value Data Items to LDAP Attributes

Customizable Multi-Valued Strings (1 - 5): Similar to customizable strings for single-value attributes, except these attributes can have multiple values. Use this list of fields to map directory attributes that can have multiple values to multiple-value strings from the Custom Profile.
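
The following audit sketch is an added example, not code or an export format from Access Manager. It models one-to-one maps as plain Python objects and checks the three rules described above before a map is deployed: user store scoping, Read/Write access for provisioning attributes, and multiple-value items mapped to single-valued LDAP attributes. The class, function, map names, user store names, and the sample directory data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class OneToOneMap:  # hypothetical model of one map, not a product data structure
    name: str
    access_rights: str        # "Read/Write"; any other value is treated as not writable
    user_stores: set          # user stores the map applies to
    single: dict = field(default_factory=dict)  # Liberty single-value item -> LDAP attribute
    multi: dict = field(default_factory=dict)   # Liberty multiple-value item -> LDAP attribute

def audit(maps, user_store, provisioning_attrs, ldap_single_valued):
    """Return findings for users who log in to `user_store`."""
    # A map is only used when the user's store is in its user store list.
    active = [m for m in maps if user_store in m.user_stores]
    if not active:
        return [f"{user_store}: no map lists this user store, "
                "so no attributes are read or written"]
    findings, writable = [], set()
    for m in active:
        # Multiple-value items need an LDAP attribute that can hold several values.
        for item, attr in sorted(m.multi.items()):
            if attr in ldap_single_valued:
                findings.append(f"{m.name}: multiple-value item {item} is mapped "
                                f"to single-valued LDAP attribute {attr}")
        if m.access_rights == "Read/Write":
            writable |= set(m.single.values()) | set(m.multi.values())
    # Provisioning succeeds only for attributes that appear in a Read/Write map.
    for attr in sorted(set(provisioning_attrs) - writable):
        findings.append(f"{user_store}: provisioning attribute {attr} "
                        "is not in any Read/Write map")
    return findings

# Constructed sample data: two maps and one user store.
SAMPLE_MAPS = [
    OneToOneMap("personal-profile", "Read", {"corp-ldap"},
                single={"CommonName": "givenName"},
                multi={"AltCN": "employeeNumber"}),
    OneToOneMap("employee-profile", "Read/Write", {"corp-ldap"},
                single={"Department": "departmentNumber"}),
]
SINGLE_VALUED = {"employeeNumber"}  # taken from your directory schema (constructed here)
PROVISIONING = {"givenName", "departmentNumber", "mail"}  # constructed

if __name__ == "__main__":
    for store in ("corp-ldap", "partner-ldap"):
        for finding in audit(SAMPLE_MAPS, store, PROVISIONING, SINGLE_VALUED):
            print(finding)
```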