Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Selecting and Mapping User Attributes

After you have created and configured your Directory Server and Windows directory sources, you must decide which user attributes you want to synchronize and then map those attributes between systems.

The information in this section is organized as follows:

Selecting and Mapping Attributes

There are two types of attributes:

Procedure: To Select and Map Attributes for Synchronization

  1. Select the Identity Synchronization for Windows node at the top of the navigation tree.

    Figure 4–28 Attributes Tab

    Select the Attributes Tab.

    Note –

    When the Group Synchronization feature has been enabled, the uniquemember attribute (Directory Server) and the member attribute (Active Directory) are mapped internally, and the console indicates this mapping as shown.

  2. Select the Attributes tab and then click the New button.

    The Define Significant Attribute Mappings dialog box is displayed. Use this dialog box to map attributes from Directory Server to your Windows Systems (Active Directory and/or Windows NT).

    Figure 4–29 Defining Significant Attribute Mappings

    Use this dialog to map the attributes between systems.

    Note –

    Which creation attributes are mandatory for Directory Server (or for Active Directory) will depend on the objectclass configured for your Sun-side (or Active Directory-side) user entries.

    The program automatically uses inetOrgPerson as the default objectclass for Directory Server, and you loaded the Active Directory schema when you specified the global catalog. You therefore do not need to use the Load Schema buttons unless you want to change the default schema.

    If you want to change the default schema source, see Changing the Schema Source.

  3. Select an attribute from the Sun Java System attribute drop-down list (for example, cn), and then select the equivalent attribute from the Active Directory attribute and/or Windows NT SAM attribute drop-down menus.

  4. When you are finished, click OK.

  5. To designate additional attributes, repeat steps 2 through 4.

    A finished Synchronized Attributes table might look something like the following example, which shows the userpassword, cn, and telephonenumber Directory Server attributes mapped to unicodepwd, cn, and telephonenumber Active Directory attributes.

    Figure 4–30 Completed Synchronized Attributes Table

    A completed synchronized attributes table.

Creating Parameterized Default Attribute Values

Identity Synchronization for Windows allows you to create parameterized default values for attributes using other creation or significant attributes.

To create a parameterized default attribute value, you embed an existing creation or significant attribute name, preceded and followed by percent symbols (%attribute_name%), in an expression string. For example, homedir=/home/%uid% or cn=%givenName% %sn%.

When you create these attribute values:

Note –

When Group Synchronization is enabled, the following are important:

  1. The creation expression supported at Active Directory is cn=%cn%.

  2. The creation expression must contain only attribute names that are also valid for the group objectclass, because the same creation expression is used for both user and group entries.

    For example, the attribute sn is not part of the groupofuniquenames objectclass at the Directory Server. Hence the following creation expression would be invalid for a group object (though it would work fine for a user).


  3. The attribute used in the creation expression must be given a value for every user or group entry created. If the console does not provide a way to set the value, it may be provided using the command line interface.
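
A pre-flight check for creation expressions, added here as an illustration and not taken from the product: it extracts the %attribute% references, checks them against the user object class and (when Group Synchronization is enabled) the group object class, and expands them for a sample entry. The attribute sets are an abbreviated, assumed subset of inetOrgPerson and groupOfUniqueNames, the function names are hypothetical, and the product's own parsing rules may differ.

```python
import re

# Abbreviated attribute sets (assumption): in practice these come from the
# schema loaded for the configured object classes.
USER_ATTRS = {"cn", "sn", "givenname", "uid", "mail", "telephonenumber"}  # inetOrgPerson subset
GROUP_ATTRS = {"cn", "uniquemember", "description", "owner", "ou", "o"}   # groupOfUniqueNames subset

_REF = re.compile(r"%([^%\s]+)%")


def referenced_attributes(expression):
    """Return the attribute names embedded as %name% in an expression, in order."""
    return [m.group(1) for m in _REF.finditer(expression)]


def check_expression(expression, group_sync=False):
    """Return a list of problems; an empty list means the expression is usable."""
    problems = []
    for name in referenced_attributes(expression):
        key = name.lower()  # LDAP attribute names are case-insensitive
        if key not in USER_ATTRS:
            problems.append(f"{name}: not available on the user object class")
        if group_sync and key not in GROUP_ATTRS:
            problems.append(f"{name}: not available on the group object class")
    return problems


def expand(expression, entry):
    """Substitute each %name% with the entry's value; fail if a value is missing."""
    values = {k.lower(): v for k, v in entry.items()}

    def substitute(match):
        key = match.group(1).lower()
        if not values.get(key):
            raise ValueError(f"entry has no value for {match.group(1)}")
        return values[key]

    return _REF.sub(substitute, expression)


if __name__ == "__main__":
    entry = {"cn": "Ada Lovelace", "givenName": "Ada", "sn": "Lovelace"}  # constructed sample
    for expr in ("cn=%givenName% %sn%", "cn=%cn%"):
        print(expr, "->", check_expression(expr, group_sync=True) or "ok")
        print("   ", expand(expr, entry))
```
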

Changing the Schema Source

The program automatically provides default schema sources, but allows you to change the default schema.

Procedure: To Change the Default Schema Source

  1. Click the Load Schema button on the Define Significant Attribute Mappings dialog box.

    The Select Schema Sources panel is displayed.

    Figure 4–31 Selecting Schema Sources

    Use this panel to select a schema source.

    Use this panel to specify from which Sun Java System Directory Server schema server you want to read the schema. This schema contains the object classes that are available on your system, and object classes define which attributes are available for users on your system.

    The program adds your configuration directory to the Sun Java System Directory schema server field by default.

  2. To select a different server, click the Choose button.

    The Select a Sun Schema Host dialog box is displayed. This dialog box contains a list of the configuration directories that gather administrative information about your directory sources.

    From this dialog box, you can:

    • Create new configuration directories and add them to the list.

      Click New, and when the New Configuration Directory dialog box displays, specify a Host, Port, User DN, and Password. Click OK when you are done.

    • Edit existing directories.

      Click Edit, and when the Edit Configuration Directory dialog box displays, you can change the Host, Port, User DN, and/or Password. Click OK when you are done.

    • Remove directories from the list.

      Select a directory name from the list and then click the Remove button.

  3. Select a server from the list and click OK when you are done. (Generally, one of your Sun synchronization host(s) is a good choice as a schema source.)

  4. Click the Next button and the Select Structural and Auxiliary Object Classes panel is displayed.

    Figure 4–32 Selecting Structural and Auxiliary Object Classes

    Use this panel to specify the object classes to synchronize, as follows:

    • Structural Object Class: Every entry that is created or synchronized from the selected Directory Server must have at least one structural object class.

    • Auxiliary Object Classes: These object classes augment the selected structural class and provide additional attributes for synchronization.

      To specify structural and auxiliary object classes:

    1. Select a structural object class from the drop-down list. (The default is inetorgperson.)

    2. Select one or more object classes from the Available Auxiliary Object Classes list pane, and then click Add to move your selection(s) to the Selected Auxiliary Object Classes list pane.

      The selected object class(es) determine which Directory Server source attributes will be available for selection as significant or creation attributes. The object class(es) also determine the mandatory creation attributes.

      To delete selections from the Selected Auxiliary Object Classes list, click the object class name and then click the Remove button.

    3. When you are done, click Finish and the program loads the schema and selected object classes.