<?xml version =”1.0” encoding=”UTF-8”?\>
<!--
Copyright 2004 Sun Microsystems, Inc.
All rights reserved
Use is subject to license terms.
--\>
<!--
This xml file is used to link Windows
and Sun Directory Server users from
the command line. It is passed to the
\qidsync resync\q script as the -f option.
--\>
<!--
The following parameters allowLinkingOutOfScope:
if true, then Windows users can be
linked to Sun Directory Server users
that are outside of the users\q Synchronization
User List. Default is false.
--\>
<UserLinkingOperationList allowLinkingOutOfScope="false"\>
<!--
UserLinkingOperation encapsulates the configuration
of a single SUL to link. It includes the SUL ID
and a list of attributes to match.
A separate UserLinkingOperation must
be specified for each SUL being linked.
--\>
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1"\>
<!--
UserMatchingCriteria encapsulates a
list of attributes that must match for a user to be linked. --\>
<!--
For two users to match using this UserMatchingCriteria,
they must have the same givenName and the same sn. --\>
<UserMatchingCriteria parent.attr="UserMatchingCriteria"\>
<AttributeMap parent.attr="AttributeMap"\>
<AttributeDescription parent.attr="SunAttribute" name="sn"/\>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/\>
</AttributeMap\> <AttributeMap parent.attr="AttributeMap"\>
<AttributeDescription parent.attr="SunAttribute" name="givenName"/\
<AttributeDescription parent.attr="WindowsAttribute"
name="givenName"/\> </AttributeMap\></UserMatchingCriteria\>
<!--
Multiple UserMatchingCriteria can be specified for a single SUL.
They are treated as a logical OR. In this example,
the givenName\qs and sn\qs must match (see above)) OR
(the employee(Number|ID) must match),
for the user to be linked. Notice that attribute
that is specified, employeeNumber,
is the name of the DS attribute. --\>
<!--
This UserMatchingCriteria is commented out because
employeeNumber is not an indexed attribute in DS.
All attributes used in a UserMatchingCriteria
should be indexed.
<UserMatchingCriteria parent.attr="UserMatchingCriteria"\>
<AttributeMap parent.attr="AttributeMap"\>
<AttributeDescription parent.attr=
"SunAttribute" name="employeeNumber"/\>
<AttributeDescription parent.attr=
"WindowsAttribute" name="employeeID"/\>
</AttributeMap\>
</UserMatchingCriteria\>
--\>
</UserLinkingOperation\>
<!--
When multiple SULs are linked, a separate UserLinkingOperation
is specified for each.
As shown here, each UserLinkingOperation can use different
UserMatchingCriteria: in this example, users in SUL2 are
only linked if their sn and employeeNumber match.
Note: this UserLinkingOperation is currently
commented out because the example configuration
only has a single SUL.
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL2"\>
<UserMatchingCriteria parent.attr="UserMatchingCriteria"\>
<AttributeMap parent.attr="AttributeMap"\>
<AttributeDescription parent.attr="SunAttribute" name="sn"/\>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/\>
</AttributeMap\>
<AttributeMap parent.attr="AttributeMap"\>
<AttributeDescription parent.attr=
"SunAttribute" name="employeeNumber"/\>
<AttributeDescription parent.attr=
"WindowsAttribute" name="employeeID"/\>
</AttributeMap\>
</UserMatchingCriteria\>
</UserLinkingOperation\>
--\>
</UserLinkingOperationList\>
|
