Identity Manager 9.2 - LDAP Connector for CA Top Secret Reference Guide

Profile mapping information

This section shows a possible mapping between a profile in Top Secret and the standard One Identity Manager database table called LDAPGroup.

  • Set up a new mapping from LDAPGroup(all) to tssprofile(all).

For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.

Mandatory Top Secret profile attributes

When creating a profile in the Top Secret database, the following LDAP attributes must be defined:

  • objectclass

  • tssprofile

  • name

  • Department

  • User-Type

Property mapping rules

  • CanonicalName ← vrtEntryCanonicalName

    vrtEntryCanonicalName is a virtual property, set to the canonical name of the object in the connector. Select the Ignore case sensitivity check box.

    Sample value:

    COM/MYCOMPANY/TOPSECRET1/PROFILES/PROFILE1

  • cn ←→ tssprofile

    On the Top Secret system, tssprofile is the profile ID. Select the Ignore case sensitivity check box.

    Sample value:

    PROFILE1

  • DistinguishedName ← vrtEntryDN

    vrtEntryDN is a virtual property, set to the DN of the object in the connector.

    Sample value:

    tssprofile=PROFILE1,tssadmingrp=profiles,host=topsecret1,o=mycompany,c=com

  • ObjectClass ←→ objectClass

    The objectClass attribute (multi-valued) on the Top Secret system. Select the Ignore case sensitivity check box.

    Sample value:

    TSSPROFILE

  • StructuralObjectClass ← vrtStructuralObjectClass

    vrtStructuralObjectClass on the Top Secret system defines the single object class for the object type. Select the Ignore case sensitivity check box.

    Sample value:

    TSSPROFILE

  • UID_LDPDomain ← vrtIdentDomain

    Create a fixed-value property variable on the Top Secret side called vrtIdentDomain that is set to the value $IdentDomain$. Map this to UID_LDPDomain. This causes a conflict and the Property Mapping Rule Conflict Wizard opens automatically.

    To resolve the conflict

    1. In the Property Mapping Rule Conflict Wizard, select the first option and click OK.

    2. On the Select an element page, select Ident_Domain and click OK.

    3. Confirm the security prompt with OK.

    4. On the Edit property page:

      1. Clear Save unresolvable keys.

      2. Enable Handle failure to resolve as error.

    5. To close the Property Mapping Rule Conflict Wizard, click OK.

    Sample value:

    TOPSECRET1

  • vrtParentDN → vrtEntryParentDN

    Create a virtual attribute on the One Identity Manager side equal to a fixed string representing the parent DN for the object that is being manipulated. Select the Ignore case sensitivity check box.

    Sample value:

    tssadmingrp=profiles,host=topsecret1,o=mycompany,c=com

  • vrtRDN → vrtEntryRDN

    Create a new variable on the One Identity Manager side of type Script Property with the name vrtRDN and a data type of String. In the Scripts section, enter one of the following scripts in the Read script section, depending on whether your project is configured for C# or Visual Basic.

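    C# Script:

        references VI.TSUtils.dll;

        // Build the RDN from cn (the old value when useOldValues is set),
        // then rename the attribute from cn to tssprofile.
        return (VI.TargetSystem.Base.Utils.LDAP.RDN.Create("cn", useOldValues ? $cn[o]$ : $cn$).ToString()).Replace("cn=","tssprofile=");

    VB Script:

        References VI.TSUtils.dll
        Imports VI.TargetSystem.Base.Utils.LDAP

        ' Use the old cn value when useOldValues is set, otherwise the current one.
        Dim name As String = ""
        If useOldValues Then
            name = $cn[o]$
        Else
            name = $cn$
        End If

        ' Build the RDN from cn, then rename the attribute to tssprofile.
        Return RDN.Create("cn",name).ToString().Replace("cn=","tssprofile=")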

    Then map vrtRDN to vrtEntryRDN on the Top Secret side.

    Sample value:

    tssprofile=PROFILE1

  • Description ←→ name

    The name attribute contains a description for the profile. Select the Ignore case sensitivity check box.

    Sample value:

    TEST PROFILE

  • UID_LDAPContainer ← vrtEmpty

    This is a workaround needed to support membership mappings. Create a new fixed-value variable on the Top Secret side of type String with no value called vrtEmpty. This is mapped to UID_LDAPContainer. This generates a property mapping rule conflict.

    To resolve the conflict

    • In the Property Mapping Rule Conflict Wizard, highlight Select this option if you do not want to change anything and click OK.

  • vrtMember ←→ uniqueMember

    This mapping is used to synchronize profile membership information.

    1. Create a new virtual entry on the One Identity Manager side of type Members of M:N schema types with the name vrtMember. Select the Ignore case and Enable relative component handling check boxes.

    2. Add the following M:N schema types:

      1. Add an entry for LDAPAccountInLDAPGroup. Set the left box to UID_LDAPGroup and the right box to UID_LDAPAccount. Set the Primary Key Property to DistinguishedName.

      2. Add an entry for LDAPGroupInLDAPGroup. Set the left box to UID_LDAPGroupChild and the right box to UID_LDAPGroupParent. Set the Primary Key Property to DistinguishedName.

    3. Create a new mapping rule of type Multi-reference mapping rule. Set the rule name to Member and the mapping direction to Both directions. Set the One Identity Manager schema property to vrtMember and the Top Secret schema property to uniqueMember.

  • vrtType → User-Type

    Create a new fixed-value property on the One Identity Manager side of type String with the value PROFILE. Call the property vrtType. Map this to User-Type on the Top Secret side. Select the Ignore case sensitivity check box.

  • SeeAlso ←→ Department

    The Department attribute defines the Top Secret department assigned to the profile. A suitable string attribute on the One Identity Manager side to store this value is SeeAlso. Select the Ignore case sensitivity check box.

    Sample value:

    TSSDEPT1
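The following Python sketch is an added example, not part of the guide or of One Identity Manager. It checks a profile record for the mandatory attributes and derives the RDN, DN and canonical name that the mapping rules above should produce, so that test data can be verified before a synchronization run. All function names are hypothetical, and the canonical-name derivation (RDN values reversed and upper-cased) is an assumption inferred from the sample values shown above.

```python
# Added example; function names are hypothetical, not One Identity Manager APIs.
MANDATORY = ("objectclass", "tssprofile", "name", "Department", "User-Type")

def missing_mandatory(entry):
    """Mandatory attributes that are absent or empty (names compared ignoring case)."""
    present = {k.lower() for k, v in entry.items() if v not in (None, "", [])}
    return [a for a in MANDATORY if a.lower() not in present]

def escape_rdn_value(value):
    """Escape a value for use in an RDN (RFC 4514 special characters)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def profile_dn(profile_id, parent_dn):
    """vrtRDN plus vrtParentDN: the DN expected back from the connector as vrtEntryDN."""
    return "tssprofile=" + escape_rdn_value(profile_id) + "," + parent_dn

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur)
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur)
    return parts

def canonical_name(dn):
    """Assumption inferred from the sample values: RDN values, reversed, upper-cased."""
    values = [rdn.partition("=")[2] for rdn in split_dn(dn)]
    return "/".join(reversed(values)).upper()

def same_dn(a, b):
    """Case-insensitive DN comparison, as a stand-in for 'Ignore case sensitivity'."""
    return a.casefold() == b.casefold()

PARENT_DN = "tssadmingrp=profiles,host=topsecret1,o=mycompany,c=com"  # sample value from the guide
```

A record that fails `missing_mandatory` would be rejected when the profile is created in Top Secret, so running the check on provisioning input surfaces incomplete mappings earlier.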

Object matching rules

  • DistinguishedName (primary rule) vrtEntryDN

    vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual user objects on the Top Secret system.

    To convert this mapping into an object matching rule

    1. Select the property mapping rule in the rule window.

    2. Click in the rule view toolbar.

      A message appears.

    3. Click Yes to convert the property mapping rule into an object matching rule and save a copy of the property mapping rule.

    Sample value:

    tssprofile=PROFILE1,tssadmingrp=profiles,host=topsecret1,o=mycompany,c=com
