Get Live Help
vrtEntryCanonicalName is a virtual property, set to the canonical name of the object in the connector.
On the AS/400 system, os400-profile is the user ID.
vrtEntryDN is a virtual property, set to the DN of the object in the connector. Once this mapping rule has been created, edit the mapping rule by clicking on it. Then check the box marked Force mapping against direction of synchronization.
The objectClass attribute (multi-valued) on the AS/400 system. Activate the check box Ignore case sensitivity.
vrtStructuralObjectClass on the AS/400 system defines the single object class for the object type.
Create a fixed value property variable on the AS/400 side called vrtIdentDomain that is set to the value $IdentDomain$. Map this to UID_LDPDomain. This will cause a conflict and the Property Mapping Rule Conflict Wizard opens automatically.
To solve the conflict
Create a fixed value property variable on the One Identity Manager side called vrtParentDN equal to a fixed string with value $UserLocation$. Map this to vrtEntryParentDN on the AS/400 side.
Create a new variable on the One Identity Manager side of type "Format Defined Property" with name vrtRDN. Set its value to os400-profile=%CN%. Then map this to vrtEntryRDN on the AS/400 side.
Used to change a user’s AS/400 password. A condition needs to be set on this rule to map the password only when there is a value to be copied.
To add a condition
This is a workaround needed to support group mappings. Create a new fixed value variable on the AS/400 side of type "String" with no value called vrtEmpty. Map this to UID_LDAPContainer. This generates a property mapping rule conflict.
To solve the conflict
vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual user objects on the AS/400 system.
To convert this mapping into an object matching rule
A message appears.
The following figure shows the above user mapping in operation.
This section shows a possible mapping between a group profile in AS/400 and the standard One Identity Manager database table called LDAPGroup. User and group information on the AS/400 is stored in the same container, so a filter needs to be set up to tell these apart.
|Select objects: Condition||os400_gid<>*NONE'|
|Select objects: Ignore case||Activated|
Map the LDAPGroup (all) schema class to this new schema class, group_os400_usrprf for this group mapping.
For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.