Chat now with support
Chat with Support

Identity Manager 9.2.1 - LDAP Connector for CA ACF2 Reference Guide

Mandatory ACF2 user attributes

When creating a user in the ACF2 database, the following LDAP attributes must be defined:

  • objectclass

  • acf2lid

  • userPassword

Related topics

Property mapping rules

  • CanonicalName ← vrtEntryCanonicalName

    vrtEntryCanonicalName is a virtual property, set to the canonical name of the object in the connector.

    Sample value:

    COM/MYCOMPANY/MAINFRAME2/LIDS/USER1234

  • cn ←→ acf2lid

    On the ACF2 system, acf2lid is the user ID.

    Sample value:

    USER1234

  • DistinguishedName ← vrtEntryDN

    vrtEntryDN is a virtual property, set to the DN of the object in the connector. Once this mapping rule has been created, edit the mapping rule by clicking on it. Select the Force mapping against direction of synchronization check box.

    Sample value:

    acf2lid=USER1234,acf2admingrp=lids,host=mainframe2,o=mycompany,c=com

  • ObjectClass ←→ objectClass

    The objectClass attribute (multi-valued) on the ACF2 system. Select the Ignore case sensitivity check box.

    Sample value:

    ACF2LID

  • StructuralObjectClass ← vrtStructuralObjectClass

    vrtStructuralObjectClass on the ACF2 system defines the single object class for the object type.

    Sample value:

    ACF2LID

  • UID_LDPDomain ← vrtIdentDomain

    Create a fixed value property variable on the ACF2 side called vrtIdentDomain that is set to the value $IdentDomain$. Map this to UID_LDPDomain. This will cause a conflict and the Property Mapping Rule Conflict Wizard opens automatically.

    To resolve the conflict

    1. In the Property Mapping Rule Conflict Wizard, select the first option and click OK.

    2. On the Select an element page, select Ident_Domain and click OK.

    3. Confirm the security prompt with OK.

    4. On the Edit property page:

      1. Clear Save unresolvable keys.

      2. Select Handle failure to resolve as error.

    5. To close the Property Mapping Rule Conflict Wizard, click OK.

    Sample value:

    MAINFRAME2

  • vrtParentDN → vrtEntryParentDN

    Create a fixed-value property variable on the One Identity Manager side called vrtParentDN equal to a fixed string with the value $UserLocation$. Map this to vrtEntryParentDN on the ACF2 side.

    Sample value:

    acf2admingrp=lids,host=mainframe2,o=mycompany,c=com

  • vrtRDN → vrtEntryRDN

    Create a new variable on the One Identity Manager side of type Format Defined Property with the name vrtRDN. Set its value to acf2lid=%CN%. Then map this to vrtEntryRDN on the ACF2 side.

    Sample value:

    acf2lid=USER1234

  • userPassword → userPassword

    Used to change a user’s ACF2 password. A condition needs to be set on this rule to map the password only when there is a value to be copied.

    To add a condition

    1. Create the mapping.

    2. Edit the property mapping rule.

    3. Expand the Condition for execution section at the bottom of the dialog.

    4. Click Add condition and set the following condition (a blank password is indicated by using two apostrophe characters).

      Left.UserPassword<>''

Related topics

Object matching rules

  • DistinguishedName (primary rule) vrtEntryDN

    vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual user objects on the ACF2 system.

    To convert this mapping into an object matching rule

    1. Select the property mapping rule in the rule window.

    2. Click in the rule view toolbar.

      A message appears.

    3. Click Yes to convert the property mapping rule into an object matching rule and save a copy of the property mapping rule.

    Sample value:

    acf2lid=USER1234,acf2admingrp=lids,host=mainframe2,o=mycompany,c=com

Related topics

Sample user mapping

The following figure shows the user mapping in operation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating