Investigating the LDAP Attributes

In this procedure, you will strip your initial mapping to its minimum settings so that you can review the nodes in the Sources pane for details that will help create a mapping with the best possible settings.

After investigating the effects of minimal mapping on the LDAP attributes, you can improve the mapping and the usability of the data shown in that pane.

  1. Reduce your mapping to minimal settings:
    1. Click Configure > Mappings.
    2. Double-click the mapping to display the Mapping Properties dialog box.
    3. In the General node, for the User filter and Group filter fields, specify an asterisk (*) as the value for objectClass. For example: (objectClass=*)
    4. Select the Group Attributes node.
    5. Clear all of the fields so that no settings exist for Group Name, Child, Parent, User Display, or Group Display.
    6. Click OK and then Close.
  2. Review the settings for your directory service or LDIF file object:
    1. In the Sources pane, right-click a directory service or LDIF file object and select Properties. The Directory Service Properties or LDIF File Properties dialog box opens.
    2. Make a note of the base DN.
    3. Click OK.
  3. In the Sources pane, expand the node for this object to see the information displayed in the tree. Note that the nodes are complete DNs.
  4. Find the node that best matches your base DN and expand it, to look for users and groups.
  5. Look for patterns and make notes about them. For example, you may always find “OU” before group names and “CN” before user names. OU and CN are commonly used LDAP attribute names.
  6. Examine the LDAP attributes for a group:
    1. In the Sources pane, right-click a node that represents a group and select Properties. The User/Group LDAP Properties dialog box opens.
    2. Select All Properties.
    3. Find the objectClass attribute. Record your group’s objectClass values for later use.
    4. Find the attribute for the group name. In this example, the name AllGroups is the value of both the name and the OU attributes. Record one or both of these attributes for later use.
    5. Look for attribute names that suggest that this object is the child or parent of another object, such as Member or memberOf. To complete this task, you may need help from your system administrator. If you find such attributes, write down the attribute names.
    6. Click OK.
  7. Examine the LDAP attributes for a user:
    1. Right-click a node that represents a user, and select Properties. The User/Group LDAP Properties dialog box opens.
    2. Select All Properties.
    3. In the dialog, find the objectClass attribute. For example, the objectClass for a user may be top, organizationalPerson, and user. Record your user’s objectClass values for later use.
    4. Look for attribute names that suggest that this object is the parent or child of another object, such as Member or memberOf. You may have to ask your system administrator for assistance with this task. For example, the user may have a memberOf attribute. Record that attribute name for later use.
    5. Click OK.
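
The same investigation (steps 4 through 7) can be run against an LDIF export outside the Sources pane. The following Python script is an added example, not part of the product or its documentation: it tallies the leading DN attribute (OU, CN), the objectClass values, and any member/memberOf attributes for entries under a base DN. The sample entries, the example.com base DN, and the function names parse_ldif and summarize are constructed for illustration.

```python
import base64
from collections import Counter, defaultdict

# Constructed sample LDIF; the DNs and values are made up for illustration.
SAMPLE_LDIF = """\
dn: OU=AllGroups,DC=example,DC=com
objectClass: organizationalUnit
ou: AllGroups
name: AllGroups

dn: CN=Sales,OU=AllGroups,DC=example,DC=com
objectClass: group
cn: Sales
member: CN=Jane Doe,OU=Staff,DC=example,DC=com

dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectClass: top
objectClass: organizationalPerson
objectClass: user
cn:: SmFuZSBEb2U=
memberOf: CN=Sales,OU=AllGroups,DC=example,DC=com
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (attribute names lower-cased)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" carries an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()].append(value.strip())
        if "dn" in entry:
            yield dict(entry)

def summarize(entries, base_dn, link_attrs=("member", "memberof")):
    """Tally leading DN attributes, objectClass sets and membership attributes."""
    rdn_types, class_sets, links = Counter(), Counter(), Counter()
    for e in entries:
        dn = e["dn"][0]
        if not dn.lower().endswith(base_dn.lower()):  # simple suffix match (assumption)
            continue
        rdn_types[dn.split("=", 1)[0].strip().upper()] += 1
        class_sets[tuple(e.get("objectclass", []))] += 1
        links.update(a for a in e if a in link_attrs)
    return rdn_types, class_sets, links
```

Call summarize(list(parse_ldif(text)), base_dn) with the base DN you noted in step 2; the three counters it returns correspond to the notes you record in steps 5, 6 and 7.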