You create Synchronization User Lists (SULs) to define specific users in both the Sun and Windows directories to be synchronized. These definitions enable synchronization of a flat Directory Information Tree (DIT) to a hierarchical directory tree.
The following concepts are used to define a Synchronization User List:
Base DN (not applicable to Windows NT): Includes all users in that DN unless another SUL is more specific or unless excluded by a filter.
Filter: Uses attributes in the user’s entry to exclude users from synchronization or to separate users with the same base DN into multiple SULs. This filter uses LDAP filter syntax.
Creation expression (not applicable to Windows NT): Constructs the DN where new users are created, for example, cn=%cn%,ou=sales,dc=example, dc=com where %cn% is replaced with the value of cn from the existing user entry. A creation expression must end with the base DN.
An SUL includes two definitions. Each definition identifies the group of users to be synchronized, expressed in terms of the topology of its directory type:
One definition identifies which Directory Server users to synchronize (for example: ou=people, dc=example, dc=com).
The other definition identifies the Windows users to synchronize (for example: cn=users, dc=example, dc=com).
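The base DN and creation expression rules above, as an added example that is not code from the product or its documentation: it picks the SUL with the most specific base DN for a user, checks that a creation expression ends with the base DN, and expands %attr% placeholders. The function names, the sample SULs and the RFC 4514 escaping of substituted values are assumptions of this example, and filter evaluation is left out.

```python
import re

def split_rdns(dn):
    """Split a DN into lower-cased RDNs, ignoring spaces after commas.
    Simplification: any comma preceded by a backslash counts as escaped."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]

def is_under(dn, base_dn):
    """True if dn equals base_dn or lies beneath it in the tree."""
    rdns, base = split_rdns(dn), split_rdns(base_dn)
    return rdns[-len(base):] == base

def select_sul(user_dn, suls):
    """Name of the SUL whose base DN is the most specific one containing user_dn."""
    matches = [(len(split_rdns(base)), name)
               for name, base in suls.items() if is_under(user_dn, base)]
    return max(matches)[1] if matches else None

def escape_value(value):
    """Escape an attribute value for use inside an RDN (RFC 4514 string form)."""
    body = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if value.startswith((" ", "#")):
        body = "\\" + body
    if value.endswith(" ") and len(value) > 1:
        body = body[:-1] + "\\ "
    return body

def expand_creation_expression(expression, base_dn, entry):
    """Replace each %attr% with the entry's value; reject expressions outside base_dn."""
    if not is_under(expression, base_dn):
        raise ValueError("creation expression must end with the base DN")
    return re.sub(r"%(\w+)%", lambda m: escape_value(entry[m.group(1)]), expression)

# Constructed sample data: two hypothetical SULs, keyed by name, with their base DNs.
SULS = {"sales": "ou=sales,dc=example,dc=com", "everyone": "dc=example,dc=com"}
# Creation expression as written on this page (including the space after a comma).
EXPR = "cn=%cn%,ou=sales,dc=example, dc=com"

if __name__ == "__main__":
    print(select_sul("cn=Jane Doe,ou=sales,dc=example,dc=com", SULS))
    # A cn containing a comma must not add an extra RDN to the new entry's DN.
    print(expand_creation_expression(EXPR, SULS["sales"], {"cn": "Doe, Jane"}))
```
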
When you are preparing to create SULs, ask yourself the following questions:
Which users will be synchronized?
Which users are excluded from synchronization?
Where should new users be created?
See Appendix D, Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows for detailed information about creating SULs.