Oracle® Fusion Middleware Oracle Authentication Services for Operating Systems Administrator's Guide
11g Release 1 (11.1.1)
B61411-01

D Synchronization Profile for Active Directory Integration

This properties file was generated by running expressSyncSetup, as described in "Configuring Oracle Directory Integration Platform", and then customized. The customized portions are shown in bold.

# USE THIS MAP FILE, IF DOMAIN IN ACTIVE DIRECTORY IS DIFFERENT FROM DOMAIN IN OID
# FOR ONE-TO-ONE DOMAIN MAPPING USE ACTIVECHG.MAP.MASTER IN ODI/CONF DIRECTORY
DomainRules
CN=USERS,DC=test,DC=com:ou=People,dc=us,dc=example,dc=com:uid=%,ou=People,dc=us,dc=example,dc=com
###  
AttributeRules
# attribute rule common to all objects
objectguid: :binary: :orclobjectguid: : :bin2b64(objectguid)
ObjectSID: :binary: :orclObjectSID: : :bin2b64(ObjectSID)
distinguishedName: : : :orclSourceObjectDN: :orclADObject
# attribute rule for mapping windows organizationalunit 
ou: : :organizationalunit:ou: : organizationalunit:
# attribute rule for mapping directory containers 
cn: : :container: cn: :orclContainer:
# attribute rule for mapping directory domains
dc: : :domain: dc: :domain:
# USER ENTRY MAPPING RULES
# attribute rule for mapping windows LOGIN id
sAMAccountName,userPrincipalName: : :user:orclSAMAccountName: :orclADUser:toupper(truncl(userPrincipalName,'@'))+"$"+sAMAccountname
# attribute rule for mapping Active Directory LOGIN id
userPrincipalName: : :user:orclUserPrincipalName: :orclADUser:userPrincipalName
# Map the userprincipalname to the nickname attr by default
#userPrincipalName: : :user:uid: :inetorgperson:userPrincipalName
# Map the SamAccountName to the nickname attr if required
# If this rule is enabled, userprincipalname rule needs to be disabled 
sAMAccountName: : :user:uid: :inetorgperson
# Assign the userprincipalname to the Kerberos principal name
userPrincipalName: : :user:krbPrincipalName: :orcluserv2:trunc(userPrincipalName,'@')+'@'+toupper(truncl(userPrincipalName,'@'))
# This rule is mapped as SAMAccountName is a mandatory attr on AD
# and sn is mandatory on OID. sn is not mandatory on Active Directory
SAMAccountName: : :user:sn: : person:
# attributes to map to cn - normally this is the given name
cn: : :person:cn: :person:
departmentNumber: : :inetorgperson:departmentnumber: :organizationalperson:
# attribute rule for mapping entry and to create orclUserV2
# There should be a mapping rule with orcluserv2 objectclass
# without which the PORTAL may not function properly 
# The next rule shows any attribute of any objectclass can be mapped
# to different attribute of different objectclass so long as the
# schema and syntax are compatible.
givenName: : :user:displayName: :orclUserV2:
employeeID: : :user:employeeNumber: :inetOrgPerson:
physicalDeliveryOfficeName: : :user:physicalDeliveryOfficeName: :organizationalPerson:
title: : :user:title: :organizationalPerson:
mobile: : :organizationalperson:mobile: :inetorgperson:
telephonenumber: : :organizationalperson:telephonenumber: :inetorgperson:
facsimileTelephoneNumber: : :organizationalperson:facsimileTelephoneNumber: :inetorgperson:
l: : :user:l: :person:
# mail needs to be assigned valid value for default settings in DAS 
userPrincipalName: : :user:mail: :inetorgperson:
# GROUP ENTRY MAPPING RULES
cn: : :group:cn: :groupofuniquenames:
# displayname needs to be assigned a valid value for default settings on DAS
SAMAccountName: : :group:displayName: :orclgroup:
# Description needs to be assigned a valid value for default settings on DAS
Description: : :group:Description: :groupOfUniqueNames:
member: : :group:uniquemember: :groupofUniqueNames:dnconvert(member)
managedby: : :group:owner: :orclprivilegegroup:dnconvert(managedby)
sAMAccountName: : :group:orclSAMAccountName: :orclADGroup:
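As an added illustration (not code from the Oracle documentation or from Oracle Directory Integration Platform), the following Python script parses an excerpt of the profile above and applies its AttributeRules to a constructed AD user entry, so that the effect of each rule can be checked before the profile is deployed. Each attribute rule consists of the colon-separated fields srcAttr:reqd:type:srcObjectClass:dstAttr:reqd:dstObjectClass:mappingRule, the last field being optional (as in the sAMAccountName-to-uid rule), and a rule only applies when its source object class is one of the entry's. The behaviour of trunc, truncl, toupper and bin2b64 and the meaning of the % placeholder in the DomainRules DN-construct field are inferred from how the profile uses them and are assumptions; dnconvert (used for group members) is not modelled, and the sample entry is constructed, not taken from a real domain.

```python
"""Apply the AD -> OID rules of a DIP map file to a constructed AD user entry. Added illustration, not
Oracle DIP code: the semantics of trunc/truncl/toupper/bin2b64 and of '%' in the DomainRules
DN-construct field are inferred from how the profile above uses them; dnconvert is not modelled."""
import base64
import re

MAP_FILE = """
DomainRules
CN=USERS,DC=test,DC=com:ou=People,dc=us,dc=example,dc=com:uid=%,ou=People,dc=us,dc=example,dc=com
AttributeRules
objectguid: :binary: :orclobjectguid: : :bin2b64(objectguid)
sAMAccountName,userPrincipalName: : :user:orclSAMAccountName: :orclADUser:toupper(truncl(userPrincipalName,'@'))+"$"+sAMAccountname
sAMAccountName: : :user:uid: :inetorgperson
userPrincipalName: : :user:krbPrincipalName: :orcluserv2:trunc(userPrincipalName,'@')+'@'+toupper(truncl(userPrincipalName,'@'))
SAMAccountName: : :user:sn: : person:
cn: : :person:cn: :person:
SAMAccountName: : :group:displayName: :orclgroup:
"""  # excerpt of the profile above; the group rule is kept to show the object-class filter

FUNCS = {  # mapping functions used in the profile (semantics assumed, see docstring)
    "trunc": lambda v, ch: v.split(ch, 1)[0],                  # text before the first ch
    "truncl": lambda v, ch: v.split(ch, 1)[-1],                # text after the first ch
    "toupper": lambda v: v.upper(),
    "bin2b64": lambda v: base64.b64encode(v).decode("ascii"),  # binary attribute -> base64 text
}
TOKEN = re.compile(r"([A-Za-z]\w*)|'([^']*)'|\"([^\"]*)\"|([(),+])")

def tokenize(rule):
    """Tokenize a mapping-rule expression into ('id' | 'str' | 'op', text) pairs; anything else is an error."""
    if TOKEN.sub("", rule).strip():
        raise ValueError(f"cannot parse mapping rule {rule!r}")
    return [("id", i) if i else ("op", o) if o else ("str", a or b) for i, a, b, o in TOKEN.findall(rule)]

def evaluate(tokens, entry):
    """Recursive descent over a well-formed rule: expr := term ('+' term)* ; term := str | attr | func '(' expr (',' expr)* ')'."""
    pos = 0
    def term():
        nonlocal pos
        kind, val = tokens[pos]
        pos += 1
        if kind == "str":
            return val
        if tokens[pos:pos + 1] != [("op", "(")]:
            return entry[val.lower()]  # attribute reference; LDAP attribute names are case-insensitive
        args = []
        while tokens[pos] != ("op", ")"):  # step over '(' or ',' and parse one argument
            pos += 1
            args.append(expr())
        pos += 1
        return FUNCS[val.lower()](*args)
    def expr():
        nonlocal pos
        val = term()
        while tokens[pos:pos + 1] == [("op", "+")]:  # '+' concatenates
            pos += 1
            val += term()
        return val
    return expr()

def parse_map(text):
    """Return (domain_rules, attr_rules); rule fields: srcAttr:reqd:type:srcOC:dstAttr:reqd:dstOC[:rule]."""
    domain_rules, attr_rules, section = [], [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line in ("DomainRules", "AttributeRules"):
            section = line
        elif section == "DomainRules":
            domain_rules.append(line.split(":"))  # [source base, destination base, DN construct]
        else:
            f = [x.strip() for x in line.split(":")] + [""]  # pad: the mapping-rule field may be omitted
            attr_rules.append({"src": [a.lower() for a in f[0].split(",")], "src_oc": f[3].lower(),
                               "dst": f[4], "dst_oc": f[6], "rule": f[7]})
    return domain_rules, attr_rules

def map_entry(entry, domain_rules, attr_rules):
    """Return the (dn, attributes) of the OID entry that the profile produces for one AD entry."""
    src = {k.lower(): v for k, v in entry.items()}
    ocs = {oc.lower() for oc in src["objectclass"]}
    out = {}
    for r in attr_rules:
        if (r["src_oc"] and r["src_oc"] not in ocs) or not all(a in src for a in r["src"]):
            continue  # rule is for another object type, or a source attribute is absent
        out[r["dst"]] = evaluate(tokenize(r["rule"]), src) if r["rule"] else src[r["src"][0]]
    for src_base, _dst_base, construct in domain_rules:
        if src["distinguishedname"].lower().endswith(src_base.lower()):
            rdn, rest = construct.split(",", 1)  # 'uid=%' and 'ou=People,dc=us,dc=example,dc=com'
            attr = rdn.split("=")[0]  # the '%' is filled from the mapped entry's own value of this attribute
            return f"{attr}={next(v for k, v in out.items() if k.lower() == attr.lower())},{rest}", out
    raise ValueError("no DomainRules entry matches the source DN")

AD_USER = {  # constructed sample entry, not captured from a real domain
    "distinguishedName": "CN=Jane Doe,CN=Users,DC=test,DC=com", "objectGUID": bytes(range(16)),
    "objectClass": ["top", "person", "organizationalPerson", "user"], "cn": "Jane Doe", "sn": "Doe",
    "sAMAccountName": "jdoe", "userPrincipalName": "jdoe@test.com",
}

if __name__ == "__main__":
    print(*map_entry(AD_USER, *parse_map(MAP_FILE)), sep="\n")
```

Running the script shows the identity-relevant consequences of this profile: uid, and with it the entry DN built from uid=%, comes from sAMAccountName rather than from the UPN; krbPrincipalName is the UPN with its realm upper-cased; orclSAMAccountName is built as DOMAIN$sAMAccountName with DOMAIN taken from the UPN suffix; sn receives the login id because sn is mandatory in OID but not in AD; and the group-only displayName rule is skipped for a user entry. Since the domain part is derived from the UPN suffix, accounts that use an alternative UPN suffix will get a realm and prefix that differ from their actual domain and should be reviewed before the profile is enabled. The commented-out userPrincipalName-to-uid rule in the profile is the alternative to use when login names should follow the UPN instead.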