• CanonicalName ← vrtEntryCanonicalName

  vrtEntryCanonicalName is a virtual property, set to the canonical name of the object in the connector.

  Sample value:

  AS4001.MYCOMPANY.COM/ACCOUNTS/USER1234

• cn ←→ os400-profile

  On the IBM i system, os400-profile is the user ID.

  Sample value:

  USER1234

• DistinguishedName ← vrtEntryDN

  vrtEntryDN is a virtual property, set to the DN of the object in the connector. Once this mapping rule has been created, edit the mapping rule by clicking on it. Then select Force mapping against direction of synchronization.

  Sample value:

  os400-profile=USER1234,CN=ACCOUNTS,OS400-SYS=AS4001.MYCOMPANY.COM

• ObjectClass ←→ objectClass

  The objectClass attribute (multi-valued) on the IBM i system. Enable Ignore case sensitivity.

  Sample value:

  TOP;OS400-USRPRF

• StructuralObjectClass ← vrtStructuralObjectClass

  vrtStructuralObjectClass on the IBM i system defines the single object class for the object type.

  Sample value:

  OS400-USRPRF

• UID_LDPDomain ← vrtIdentDomain

  Create a fixed value property variable on the IBM i side called vrtIdentDomain that is set to the value $IdentDomain$. Map this to UID_LDPDomain. This will cause a conflict, and the Property Mapping Rule Conflict Wizard opens automatically.

  To resolve the conflict

  1. In the Property Mapping Rule Conflict Wizard, select the first option and click OK.

  2. On the Select an element page, select Ident_Domain and click OK.

  3. Confirm the security prompt with OK.

  4. On the Edit property page:

     1. Clear Save unresolvable keys.

     2. Select Handle failure to resolve as error.

  5. To close the Property Mapping Rule Conflict Wizard, click OK.

  Sample value:

  AS400_001

• vrtParentDN → vrtEntryParentDN

  Create a fixed-value property variable on the One Identity Manager side called vrtParentDN equal to a fixed string with value $UserLocation$. Map this to vrtEntryParentDN on the IBM i side.

  Sample value:

  CN=ACCOUNTS,OS400-SYS=AS4001.MYCOMPANY.COM

• vrtRDN → vrtEntryRDN

  Create a new variable on the One Identity Manager side of type Format Defined Property with the name vrtRDN. Set its value to os400-profile=%CN%. Then map this to vrtEntryRDN on the IBM i side.

  Sample value:

  os400-profile=USER1234

• userPassword → os400-password

  Used to change a user’s IBM i password. A condition needs to be set on this rule to map the password only when there is a value to be copied.

  To add a condition

  1. Create the mapping.

  2. Edit the property mapping rule.

  3. Expand the Condition for execution section at the bottom of the dialog.

  4. Click Add condition and set the following condition (a blank password is indicated by using two apostrophe characters).

     Left.UserPassword<>''

• UID_LDAPContainer ← vrtEmpty

  This is a workaround needed to support group mappings. Create a new fixed-value variable on the IBM i side of type String with no value called vrtEmpty. Map this to UID_LDAPContainer. This generates a property mapping rule conflict.

  To resolve the conflict

  • In the Property Mapping Rule Conflict Wizard, highlight Select this option if you do not want to change anything and click OK.

Related topics

• Mandatory IBM i user attributes
• System variables
• Object matching rules
• Sample user mapping