| Sun ONE Identity Synchronization for Windows Installation and Configuration Guide |
Appendix B
LinkUsers XML Document SampleTo customize to your environment use the LinkUsers XML Document titled IlodeLinkUsersIntegrate.cfg. For this particular integration test, the canned LinkUsers XML Document requires no modifications. However, the file contains comments that explain how to change it to control how users are linked, including linking users in multiple SULs.
<?xml version="1.0" encoding="UTF-8"?>
<!--=================================================================
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.
Patents Pending.
SUN PROPRIETARY/CONFIDENTIAL.
Use is subject to license terms.
===================================================================-->
<!-- This xml file is used to drive an ILODE (Initial Linking Of Directory
Entries) operation from the command line. It is passed to the
LinkUsers script as the -f option.
-->
<UserLinkingOperationList>
<!-- UserLinkingOperation encapsulates the configuration of a
single SUL to ILODE. It includes the SUL ID and a list of
attributes to match. A separate UserLinkingOperation must
be specified for each SUL being ILODE’d. -->
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL1">
<!-- UserMatchingCriteria encapsulates a list of attributes
that must match for a user to be linked. -->
<!-- For two users to match using this UserMatchingCriteria, they
must have the same givenName and the same sn. -->
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="sn"/>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="givenName"/>
<AttributeDescription parent.attr="WindowsAttribute" name="givenName"/>
</AttributeMap>
</UserMatchingCriteria>
<!-- Multiple UserMatchingCriteria can be specified for a single
SUL. They are treated as a logical OR. In this example, (the
givenName’s and sn’s must match (see above)) OR (the employee(Number|ID) must
match), for the user to be linked. Notice that attribute that
is specified, employeeNumber, is the name of the DS
attribute. -->
<!-- This UserMatchingCriteria is commented out because employeeNumber is not
an indexed attribute in DS. All attributes used in a UserMatchingCriteria
should be indexed.
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
<!-- When multiple SULs are ILODE’d, a separate UserLinkingOperation
is specified for each. As shown here, each UserLinkingOperation
can use different UserMatchingCriteria: in this example, users in
SUL2 are only linked if their sn and employeeNumber match.
Note: this UserLinkingOperation is currently commented out because
the example configuration only has a single SUL.
<UserLinkingOperation parent.attr="UserLinkingOperation" sulid="SUL2">
<UserMatchingCriteria parent.attr="UserMatchingCriteria">
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="sn"/>
<AttributeDescription parent.attr="WindowsAttribute" name="sn"/>
</AttributeMap>
<AttributeMap parent.attr="AttributeMap">
<AttributeDescription parent.attr="SunAttribute" name="employeeNumber"/>
<AttributeDescription parent.attr="WindowsAttribute" name="employeeID"/>
</AttributeMap>
</UserMatchingCriteria>
</UserLinkingOperation>
-->
</UserLinkingOperationList>
