Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Specifying How Object Creations Flow

ProcedureTo Specify How Object Creations Should Flow Between Directory Server and Active Directory Systems

  1. Click the Object Creation tab.

    Figure 4–33 Selecting and Propagating Creations

    Use this panel to specify new creation attributes and
to configure how creations will flow between systems.

  2. You can enable or disable the flow of creations as follows:

    • Enable Object creations flow from Sun Java System Directory Server to Windows to propagate creations from the Directory Server environment to your Windows servers.

    • Enable Object creations flow from Windows to Sun Java System Directory Server to propagate creations from the Windows environment to your Directory Servers.

    • Enable both options for bidirectional flow.

    • Disable both options to prevent user creations from propagating from one system to the other. (Default).

  3. To add, edit, or delete creation attributes to synchronize between systems, click the Creation Attributes button located under the selected option(s).

    The Creation Attribute Mappings and Values dialog box displays.

    Figure 4–34 Creation Attributes Mappings and Values: Directory Server to Windows

    Use this dialog box to map Active Directory creation
attributes to Directory Server.

    Figure 4–35 Creation Attributes Mappings and Values: Windows to Directory Server

    Use this dialog box to map Active Directory creation
attributes to Directory Server.

    You can use either of the dialog boxes to specify new creation attributes, edit, or delete existing attributes. For more information, see Specifying New Creation Attributes.


    Note –

    To satisfy schema constraints regarding required attributes for user object classes, you may have to specify additional attributes to flow through the system during a user creation.

    Additional attributes are not necessary if you specified the required attributes as modification attributes (as described in Selecting and Mapping User Attributes).


Specifying New Creation Attributes

The following instructions explain how to add and map creation attributes from Active Directory to Directory Server. (The procedure for adding and mapping creation attributes flowing from Directory Server to Windows and from Windows to Directory Server is similar.)

ProcedureTo Specify New Creation Attributes

  1. Click the New button in the Creation Attribute Mappings and Values dialog box.

    The Define Creation Attribute Mappings and Values dialog box is displayed.

    Figure 4–36 Defining Creation Attribute Mappings and Values

    Use this dialog box to map creation attributes and add
values to those attributes.

  2. Select an attribute value from the Active Directory attribute drop-down list.

    Figure 4–37 Selecting a New Active Directory Attribute

    Specify a new Active Directory attribute.

    Identity Synchronization for Windows allows you to initialize an attribute with multiple values— if the attribute itself accepts multiple values.

    For example, if your company has three fax telephone numbers, you can specify the facsilimiletelephonenumber attribute for both Sun Java System Directory Server and Active Directory, and specify the three numbers.

    You must know which attributes will accept multiple values. If you try adding multiple values to an attribute that does not accept them, an error will result during runtime when the program attempts to create the object.

  3. Enter a value in New value field and click Add.

    The program adds the attribute value to the list pane. Repeat this step as many times as necessary to add multiple attribute values.

    Figure 4–38 Specifying Multiple Values for a Creation Attribute

    You can specify multiple values for certain creation
attributes.

  4. To map the attribute to Directory Server, select an attribute name from the Directory Server attribute drop-down list.

    Figure 4–39 Mapping the Directory Server Attribute

    Map the Directory Server attribute to the Windows attribute.

  5. When you are finished, click OK.

    Based on the example, the finished Creation Attributes and Mappings table would look like the one in the following figure.

    Figure 4–40 Completed Creation Attributes and Mappings Table

    Finished Creation Attributes and Mappings table.

  6. To designate additional attributes, repeat these steps.

Editing Existing Attributes

ProcedureTo Edit Creation Attributes Mapping or Values

  1. Select the Object Creation tab, and click on the Creation Attributes button located under the selected creation option.

  2. When the Creation Mappings and Values dialog box is displayed, select the attribute from the table, and then click the Edit button.

    The Define Creation Mappings and Values dialog box is displayed.

  3. Use the drop-down menus to change the existing mapping between Directory Server and Active Directory (or Windows NT).

    For example, if you have Sun Java System Directory Server’s homephone attribute mapped to Active Directory’s othertelephone attribute. You could use the Active Directory attributes drop-down list to change the mapping to homephone.

  4. You can also add or remove attribute values:

    • To add a value, enter the information in the New Value field and click Add.

    • To remove a value, select the value from the list pane and click Remove.

  5. When you are done, click OK to apply your changes and close the Define Creation Mappings and Values dialog box.

  6. Click OK again to close the Creation Mappings and Attributes dialog box.

Removing Attributes

ProcedureTo Remove Creation Attributes Mapping or Values

  1. Select the Object Creation tab, and click the Creation Attributes button located under the selected creation option.

  2. When the Creation Mappings and Values dialog box is displayed, select the attribute from the table, and then click the Delete button.

    The attribute is removed from the table immediately.

  3. When you are done, click OK to close the Creation Mappings and Attributes dialog box.