vrtEntryCanonicalName is a virtual property, set to the canonical name of the object in the connector.
Sample value:
COM/MYCOMPANY/MAINFRAME1/USER/USER1234
On the RACF system, racfid is the user ID.
Sample value:
USER1234
vrtEntryDN is a virtual property, set to the DN of the object in the connector. Activate the check box Force mapping against direction of synchronization.
Sample value:
racfid=USER1234,profiletype=user,cn=mainframe1,o=mycompany,c=com
The objectClass attribute (multi-valued) on the RACF system. Activate the check box Ignore case sensitivity.
Sample value:
TOP;RACFBASECOMMON;RACFUSER
vrtStructuralObjectClass on the RACF system defines the single object class for the object type. Activate the check box Ignore case sensitivity.
Sample value:
RACFUSER
Create a fixed value property variable on the RACF side called vrtIdentDomain that is set to the value $IdentDomain$. Map this to UID_LDPDomain. This will cause a conflict and the Property Mapping Rule Conflict Wizard opens automatically.
To solve the conflict
Sample value:
RACF_DOMAIN
Create a fixed value property variable on the One Identity Manager side called vrtParentDN equal to a fixed string with value $UserLocation$. Map this to vrtEntryParentDN on the RACF side.
Sample value:
profiletype=user,cn=mainframe1,o=mycompany,c=com
Create a new variable on the One Identity Manager side of type "Script Property" with name vrtRDN and a data type of "string". In the Scripts section, enter one of the following scripts in the Read script section, depending on whether your project is configured for C# or Visual Basic.
C# Script
references VI.TSUtils.dll;
return (VI.TargetSystem.Base.Utils.LDAP.RDN.Create("cn", useOldValues ? $cn[o]$ : $cn$).ToString()).Replace("cn=","racfid=");
VB Script
References VI.TSUtils.dll
Imports VI.TargetSystem.Base.Utils.LDAP
Dim name as String = ""
If useOldValues Then
name = $cn[o]$
Else
name = $cn$
End If
return RDN.Create("cn",name).ToString().Replace("cn=","racfid=")
Then map this to vrtEntryRDN on the RACF side.
Sample value:
USER1234
Used to change a user’s RACF password. A condition needs to be set on this rule to map the password only when there is a value to be copied.
To add a condition
Left.UserPassword<>''
This is a workaround needed to support group mappings. Create a new fixed value variable on the RACF side of type "String" with no value called vrtLDAPContainerDN with the value set to $UserLocation$. This generates a property mapping rule conflict.
To solve the conflict
vrtEntryDN is a virtual property, set to the DN of the object in the connector. This forms a unique ID to distinguish individual user objects on the RACF system.
To convert this mapping into an object matching rule
A message appears.
Edit the object mapping rule and ensure that the Case sensitive check box is not activated.
Sample value:
racfid=USER1234,profiletype=user,cn=mainframe1,o=mycompany,c=com
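The DN assembly these rules describe (vrtRDN built from cn, vrtParentDN taken from $UserLocation$, and matching on vrtEntryDN with case sensitivity off) is shown below as an added Python example; it is not One Identity code. The function names are hypothetical, the canonical-name format is inferred from the page's sample values, and the RFC 4514 escaping is an assumption about how special characters in cn should be handled.

```python
# Added example: not One Identity code. Sample values are taken from the page.
SPECIALS = set(',+"\\<>;')

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN string (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_dn(dn: str) -> list[str]:
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i:i + step])
        i += step
    rdns.append("".join(cur))
    return rdns

def entry_dn(cn: str, user_location: str) -> str:
    """vrtRDN (racfid=<cn>) joined to vrtParentDN ($UserLocation$)."""
    return "racfid=" + escape_rdn_value(cn) + "," + user_location

def canonical_name(dn: str) -> str:
    """Assumed from the page's samples: RDN values, reversed, upper-cased."""
    values = [rdn.split("=", 1)[1] for rdn in split_dn(dn)]
    return "/".join(v.upper() for v in reversed(values))

def same_object(dn_a: str, dn_b: str) -> bool:
    """Object matching with the Case sensitive check box not activated."""
    norm = lambda dn: [r.strip().casefold() for r in split_dn(dn)]
    return norm(dn_a) == norm(dn_b)

USER_LOCATION = "profiletype=user,cn=mainframe1,o=mycompany,c=com"  # page sample

if __name__ == "__main__":
    dn = entry_dn("USER1234", USER_LOCATION)
    print(dn, canonical_name(dn), same_object(dn, dn.upper()))
```

Because the value is escaped before it is joined to the parent DN, a cn containing a comma stays inside the racfid RDN instead of adding extra components to the DN used for object matching.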
The following figure shows the above user mapping in operation.
This section shows a possible mapping between a user account in RACF and the standard One Identity Manager database table called LDAPGroup. The data set profile mapping used later also maps to LDAPGroup, so a filter needs to be applied to tell these apart.
Property | Value |
---|---|
Schema type | LDAPGroup |
Display name | LDAPGroup (RACF Group) |
Class name | LDAPGroup_racfgroup |
Select objects: Condition | StructuralObjectClass='racfgroup' |
Select objects: Ignore case | Activated |
For more detailed information about setting up mappings, see the One Identity Manager Target System Synchronization Reference Guide.