
Identity Manager 9.2.1 - LDAP Connector for IBM i Reference Guide

System variables

The following system variables need to be defined for the attribute mappings. For more detailed information about variables, see the One Identity Manager Target System Synchronization Reference Guide.

Table 1: System variables

| Name | Value |
|---|---|
| IdentDomain | The name of your IBM i domain, for example, AS400_001 |
| UserLocation | Parent DN of your IBM i user container, for example, CN=ACCOUNTS,OS400-SYS=AS4001.MYCOMPANY.COM |
| GroupLocation | Parent DN of your IBM i group container, for example, CN=ACCOUNTS,OS400-SYS=AS4001.MYCOMPANY.COM |


Domain filter setting

Create a domain filter to identify the information retrieved from the IBM i database and keep it separate from other imported data.

  1. Update the One Identity Manager schema so that all entries are included.

    1. In the Synchronization Editor, open your IBM i project.

    2. Select Configuration > One Identity Manager connection.

    3. In the General section, click Update schema.

    4. Click Yes in the next two dialogs.

    5. Click OK when completed.

  2. In the Manager:

    1. Select LDAP > Domains.

    2. In the result list toolbar, click .

    3. On the General tab, enter the following general master data.

      Table 2: Domain master data

      | Property | Description |
      |---|---|
      | Display name | Display name, for example, AS400 Domain 001 |
      | Distinguished name | Distinguished name of the domain, for example, OS400-SYS=AS4001.MYCOMPANY.COM |
      | Domain | Domain name, for example, AS400_001 |
      | Structural object class | Structural object class representing the object type; enter DCOBJECT |

    4. Save the changes.

  3. In the Synchronization Editor, open your IBM i project.

    1. Select Configuration > One Identity Manager connection.

    2. Select Scope view and click Edit scope.

    3. Select the object type LDPDomain in the Scope hierarchy list and set the Object filter to Ident_Domain = '$IdentDomain$'.

    4. Save the changes.

For more detailed information about scopes, see the One Identity Manager Target System Synchronization Reference Guide.


User mapping information

This section shows a possible mapping between a user account in IBM i and the standard One Identity Manager database table called LDAPAccount. User and group information on the IBM i is stored in the same container, so a filter needs to be set up to tell these apart.

  • When creating the user mapping, add a new schema class as follows.

    Table 3: Schema class settings

    | Property | Value |
    |---|---|
    | Schema type | os400-usprf |
    | Display name | user_os400_usrprf |
    | Class name | user_os400_usrprf |
    | Select objects: Condition | os400_gid='*NONE' |
    | Select objects: Ignore case | Activated |

  • Map the LDAPAccount (all) schema class to this new schema class, user_os400_usrprf, for this user mapping.

For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.


Mandatory IBM i user attributes

When creating a user in the IBM i database, the following LDAP attributes must be defined:

  • objectclass

  • os400-profile
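
The following added example (not One Identity code) applies the schema class condition os400_gid='*NONE' from Table 3 and the mandatory-attribute rule above to a few constructed entries, showing why Ignore case is activated. The dictionary layout, the profile names and the use of os400-usprf as an objectclass value are assumptions made for illustration.

```python
# Added example; entries below are constructed sample data.
CONDITION_ATTR = "os400_gid"   # property name as written in Table 3
CONDITION_VALUE = "*NONE"
MANDATORY = ("objectclass", "os400-profile")

SAMPLE = [
    {"os400-profile": "JSMITH", "objectclass": ["os400-usprf"], "os400_gid": "*NONE"},
    {"os400-profile": "ADOE", "objectclass": ["os400-usprf"], "os400_gid": "*none"},
    {"os400-profile": "PAYROLL", "objectclass": ["os400-usprf"], "os400_gid": "1001"},
    {"os400-profile": "", "objectclass": ["os400-usprf"], "os400_gid": "*NONE"},
]


def values(entry, name):
    """Case-insensitive attribute lookup that always returns a list."""
    for key, val in entry.items():
        if key.lower() == name.lower():
            return val if isinstance(val, list) else [val]
    return []


def matches_user_class(entry, ignore_case=True):
    """Evaluate os400_gid='*NONE' against one entry."""
    found = values(entry, CONDITION_ATTR)
    if ignore_case:
        return any(v.upper() == CONDITION_VALUE.upper() for v in found)
    return CONDITION_VALUE in found


def missing_mandatory(entry):
    """Mandatory attributes that are absent or empty on a new user."""
    return [a for a in MANDATORY if not any(v.strip() for v in values(entry, a))]


def partition(entries):
    """Split entries into (selected by the user class, not selected)."""
    selected = [e for e in entries if matches_user_class(e)]
    rest = [e for e in entries if not matches_user_class(e)]
    return selected, rest


if __name__ == "__main__":
    selected, rest = partition(SAMPLE)
    print("selected:", [e["os400-profile"] for e in selected])
    print("not selected:", [e["os400-profile"] for e in rest])
    for e in selected:
        print(e["os400-profile"] or "<empty>", "missing:", missing_mandatory(e))
```

Entries that the condition does not select are left out of the user mapping, so an entry whose os400_gid value differs only in case would be skipped if Ignore case were not activated.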
