When mapping the user entity you need to describe how the groups the user belongs to are retrieved. When mapping the group entity you need to describe how the users contained in the group are retrieved. The link information is required when displaying the list of objects that is affected by the import.
Linked objects are described using the <LDAPEntryLinks> section under the LDAP entry. LDAP provides two methods to retrieve the linked objects:
Each <LDAPEntryLink> element has the following attributes:
| Attribute | Description |
|---|---|
| linkedToLDAPEntity | The name of the linked entity (User or Group). Use User when describing the Group entity. Use Group when describing the User entity. |
| linkingLDAPAttr | The multiple-value attribute name on the LDAP entity that contains the linked entity. |
| linkingSearchFilter |
The search filter to be applied to retrieve the list of linked objects, for example: (&(objectClass=group)(memberOf=%attr%)) The search filter may contain the string % attr % that acts as a substitution string and is replaced at run time by the value of the attribute named "attr" of the imported entity. If the LDAP entry you are describing is a Group and the string is %name%, it is replaced by the value of the "name" attribute of the group you are importing. If the LDAP entry you are describing is a User and the string is %dn%, it is replaced by the "dn" attribute of the User you are importing. |
| linkingSearchScope |
Sets the scope of the search. Valid values are: - onelevel (the value normally used) - subtree |
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.