1. Security Administration Guide
  2. Configuring LDAP to EnterpriseOne Enterprise Server Mappings

Configuring LDAP to EnterpriseOne Enterprise Server Mappings

You can map attributes for users or for user-role relationships depending upon your configuration. If you are entering mappings for user-role relationships, you must also ensure that the LDAP configuration record is enabled for roles.

Access the LDAP Server Mappings form. To do so, on the Available LDAP Configurations form, select Mappings from the Row menu.

  1. Click the search button in the Enterprise Server Attribute Name column to select the attributes to include in the mappings.

    After selecting the attributes, you must enter the appropriate LDAP value for the attribute in the LDAP Server Actual Attribute column.

  2. To configure the LDAP to Enterprise Server mappings:

    For a standard setup, enter values for these attributes:

    Attribute

    Description

    E1USRIDATR

    EnterpriseOne User ID Attribute. Specifies the user ID attribute in LDAP that is used for EnterpriseOne users. The system uses this attribute when creating users in LDAP during EnterpriseOne sign-in, for example E1USRIDATR=cn.

    USRSRCHATR

    User ID Search Attribute. Specifies the search criteria for the sign-on user ID. This is the value that maps the sign-on user ID in LDAP to the sign-in user ID in EnterpriseOne, for example USRSRCHATR=cn.

    The USRSRCHATR and E1USRIDATR attributes should be mapped to the same value.

    ROLNAMEATR

    Role Name Attribute (use only if roles are enabled in LDAP). This value maps the role in LDAP to the role in EnterpriseOne, for example ROLENAMEATR=cn

    ROLSRCHATR

    Role Search Attribute (use only if roles are enabled in LDAP). Specifies the search attribute for the role in the LDAP server. The system uses this attribute to search LDAP for a list of roles for a user, for example ROLSRCHATR=member.

    LANGUAGATR

    Language Attribute. Specifies the language attribute used within LDAP, for example LANGUAGATR=preferredLanguage

    For an EnterpriseOne long user ID configuration, enter values for these attributes:

    Attribute

    Description

    E1USRIDATR

    EnterpriseOne User ID Attribute. Specifies the user ID attribute in LDAP that is used for EnterpriseOne users. The system uses this attribute when creating users in LDAP during EnterpriseOne sign-in, for example E1USRIDATR=uid.

    USRSRCHATR

    User ID Search Attribute. Specifies the search criteria for the sign-on user ID. This is the value that maps the sign-on user ID in LDAP to the sign-in user ID in EnterpriseOne, for example USRSRCHATR=uid.

    For a long user ID configuration, the USRSRCHATR and E1USRIDATR attributes should be mapped to different LDAP attributes, for example USRSRCHATR=cn. This is because JDE uses USRSRCHATR to read the long user ID which is used during EnterpriseOne sign-in for a long user ID configuration.

    ROLNAMEATR

    Role Name Attribute (use only if roles are enabled in LDAP). This value maps the role in LDAP to the role in EnterpriseOne, for example ROLENAMEATR=cn

    ROLSRCHATR

    Role Search Attribute (use only if roles are enabled in LDAP). Specifies the search attribute for the role in the LDAP server. The system uses this attribute to search LDAP for a list of roles for a user, for example ROLSRCHATR=member.

    LANGUAGATR

    Language Attribute. Specifies the language attribute used within LDAP, for example LANGUAGATR=preferredLanguage

  3. If you are using the self-service version of the user profile application for the Manufacturing Sourcing module, enter values for these attributes:

    Note: You cannot use this application to manage LDAP user profiles.

    Attribute

    Description

    CMNNAME

    Common Name. Specifies the Common Name for a user in LDAP. The system uses this attribute when creating users in LDAP, for example CMNNAME=cn

    GIVENNAME

    Specifies the Given Name for a user in LDAP. It is used when creating users in LDAP, especially in Active Directory, for example GIVENNAME=givenName.

    SURNAME

    Specifies the SUR Name for a user in LDAP. This attribute is used when creating users in LDAP, for example SURNAME=sn.

    PASSWORD

    Specifies the password associated with the account that you specify with the ConnectDN (distinguished name) of the LDAP server.

    OBJCLASS

    Object Class. Specifies the Object Class attribute for a user in LDAP it is used when creating users in LDAP, for example OBJCLASS=objectCLASS.

    ACNTCTLATR

    Account Control Attribute. Specifies the attribute used in Active Directory for user authority in Active Directory, for example ACNTCTLATR=userAccountControl. If the attribute USRACNTCTL=512 is used in conjunction with ACNTCTLATR, the EnterpriseOne API will create an enabled user in Active Directory only.

    ACTNAMEATR

    Account Name Attribute. Specifies the attribute used only in Active Directory for creating a signon user account, for example ACNTCTLATR=sAMAccountName.