-
Title
Mapped attribute appears to work, but searching on attribute fails. -
Description
When an attribute is mapped (for example from mail to userprincipalname) using the MapAttributes plugin, a search of the newly mapped userprincipalname is unsuccessful.
Additionally, if searching at the OU level, the account is found, but from the base level or top level, it cannot find the account.
-
Cause
This can occur if the configuration of the BaseDN condition of the AttributeMapping stage is incorrect.
For example, if the BaseDN condition of the AttributeMapping stage is set to “ou=amer,dc=domain,dc=corp” any searches sent to the “dc=domain,dc=corp” base will not trigger the functionality.
-
Resolution
The best thing to do in this case is to move AttributeMapping to the post Virtual Tree Stages, and then change its Base DN condition from the virtual value “ou=amer,dc=domain,dc=corp” to the actual one “dc=domain,dc=corp”.
This should still limit the mapping to the ADEM branch while allowing root searches with the userprincipalname attribute.