Organizational Mapping
To define the mapping between the LDAP entries and Configuration Manager entities, the Organization mapping file must be edited. Values that match the layout of the LDAP repository must be provided for the various keys.
User entities are identified by an object class that all entities use, as well as an attribute whose value must be unique within the whole repository. A display name format can be provided which will affect how users are displayed in the management application and optionally a container entry can be defined if the user entries within an organization use such an entry. The key names and their default values are:
# Object class that all user entries use User/ObjectClass=inetorgperson # Attribute whose value in user entries is unique within the repository User/UniqueIdAttribute=uid # Optional container in organization entries of the user entries, # remove line if not used User/Container=ou=People # Display name format within the management application User/DisplayNameFormat=sn, givenname
Role entities are identified by a list of possible object classes that they use, along with the corresponding naming attributes. These lists use the format <item1>,<item2>,...,<itemN> and must be aligned. That is, the lists must have the same number of items and the nth object class must be used with the nth naming attribute. Two keys define the relationship between roles and users as well as between roles and hosts. The VirtualMemberAttribute key must specify an attribute whose values can be queried from a user or host entry. The key must also contain the full DNs of the roles that the entry belongs to. The MemberAttribute key must specify an attribute from a user or host entry for the search filter. The key must also contains the full DNs of the roles that the user or host belongs to. The VirtualMemberAttribute key can be a Class Of Service virtual attribute, whereas the MemberAttribute key must be a physical attribute that can be used in a filter. The key names and their default values are:
# List of object classes for roles Role/ObjectClass=nsRoleDefinition # Aligned list of corresponding naming attributes Role/NamingAttribute=cn # Physical attribute (usable in a filter) containing the DNs # of the roles of a user/host Role/MemberAttribute=nsRoleDN # Attribute whose query on a user or host return the DNs of the # roles it belongs to Role/VirtualMemberAttribute=nsRole
Organization entities are identified in a way similar to roles, with two aligned lists of object classes and corresponding naming attributes. The key names and their default values are:
# List of object classes for organizations Organization/ObjectClass=organization # Aligned list of corresponding naming attributes Organization/NamingAttribute=o
Domain entities are identified in a way that is similar to organization entities. The key names and their default values are:
# List of object classes for domains Domain/ObjectClass=ipNetwork # Aligned list of corresponding naming attributes Domain/NamingAttribute=cn
Host entities are identified in a way that is similar to user entities. The key names and their default values are:
# Object class that all host entries use Host/ObjectClass=ipHost # Attribute whose value in host entries is unique within the repository Host/UniqueIdAttribute=cn # Optional container in domain entries of the host entries, # remove line if not used Host/Container=ou=Hosts
- © 2010, Oracle Corporation and/or its affiliates