Skip Headers
Oracle® Authentication Services for Operating Systems Administrator's Guide
10g (10.1.4.0.1-OAS4OS)
E12023-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Previous
Previous
 
Next
Next
View PDF

D Synchronization Profile for Active Directory Integration

This properties file was generated by running dipassistant express and then customizing the file, as described in "Configuring Oracle Directory Integration Platform". The customizations are shown in boldface.

# USE THIS MAP FILE, IF DOMAIN IN ACTIVE DIRECTORY IS DIFFERENT FROM DOMAIN IN OID
# FOR ONE-TO-ONE DOMAIN MAPPING USE ACTIVECHG.MAP.MASTER IN ODI/CONF DIRECTORY
DomainRules
CN=USERS,DC=sgttest01v1oimad,DC=com:ou=People,dc=us,dc=oracle,dc=com:
###  
AttributeRules
# attribute rule common to all objects
objectguid: :binary: :orclobjectguid: : :bin2b64(objectguid)
ObjectSID: :binary: :orclObjectSID: : :bin2b64(ObjectSID)
distinguishedName: : : :orclSourceObjectDN: :orclADObject
# attribute rule for mapping windows organizationalunit 
ou: : :organizationalunit:ou: : organizationalunit:
# attribute rule for mapping directory containers 
cn: : :container: cn: :orclContainer:
# attribute rule for mapping directordomains
dc: : :domain: dc: :domain:
# USER ENTRY MAPPING RULES
# attribute rule for mapping windows LOGIN id
sAMAccountName,userPrincipalName: : :user:orclSAMAccountName: :orclADUser:toupper(truncl(userPrincipalName,'@'))+"$"+sAMAccountname
# attribute rule for mapping Active Directory LOGIN id
userPrincipalName: : :user:orclUserPrincipalName: :orclADUser:userPrincipalName
# Map the userprincipalname to the nickname attr by default
#userPrincipalName: : :user:uid: :inetorgperson:userPrincipalName
# Map the SamAccountName to the nickname attr if required
# If this rule is enabled, userprincipalname rule needs to be disabled 
sAMAccountName: : :user:uid: :inetorgperson
# Assign the userprincipalname to Kerberaos principalname
userPrincipalName: : :user:krbPrincipalName: :orcluserv2:trunc(userPrincipalName,'@')+'@'+toupper(truncl(userPrincipalName,'@'))
# This rule is mapped as SAMAccountName is a mandatory attr on AD
# and sn is mandatory on OID. sn is not mandatory on Active Directory
SAMAccountName: : :user:sn: : person:
# attributes to map to cn - normally this is the given name
cn: : :person:cn: :person:
departmentNumber: : :inetorgperson:departmentnumber: :organizationalperson:
# attribute rule for mapping entry and to create orclUserV2
# There should be a mapping rule with orcluserv2 objectclass
# without which the PORTAL may not function properly 
# The next rule shows any attribute of any objectclass can be mapped
# to different attribute of different objectclass so long as the
# schema and syntax are compatible.
givenName: : :user:displayName: :orclUserV2:
employeeID: : :user:employeeNumber: :inetOrgPerson:
physicalDeliveryOfficeName: : :user:physicalDeliveryOfficeName: :organizationalPerson:
title: : :user:title: :organizationalPerson:
mobile: : :organizationalperson:mobile: :inetorgperson:
telephonenumber: : :organizationalperson:telephonenumber: :inetorgperson:
facsimileTelephoneNumber: : :organizationalperson:facsimileTelephoneNumber: :inetorgperson:
l: : :user:l: :person:
# mail needs to be assigned valid value for default settings in DAS 
userPrincipalName: : :user:mail: :inetorgperson:
# GROUP ENTRY MAPPING RULES
cn: : :group:cn: :groupofuniquenames:
# displayname needs to be assigned a valid value for default settings on DAS
SAMAccountName: : :group:displayName: :orclgroup:
# Description needs tobe assigned a valid value for default settings on DAS
Description: : :group:Description: :groupOfUniqueNames:
member: : :group:uniquemember: :groupofUniqueNames:dnconvert(member)
managedby: : :group:owner: :orclprivilegegroup:dnconvert(managedby)
sAMAccountName: : :group:orclSAMAccountName: :orclADGroup:
# Add parameter for Oracle Authentication Services for Operating Systems
cn: : :person:gecos: :person: