Federation Manager Guide › User Directory Connections for Authentication › Create a Common View of the Same User Information Across Directories › Establish Connections to User Directories › Advanced User Attribute Mapping Examples › Map the Account Status with the Mask and Expression Mapping Types
Map the Account Status with the Mask and Expression Mapping Types
Use a mask attribute mapping and an expression attribute mapping to identify user accounts that are disabled in Directory A and Directory B.
Deployment
- Directory A identifies disabled accounts with a user attribute named AccountStatus, which is a set of flags. The second bit indicates a disabled account.
- Directory B identifies disabled accounts with a user attribute named u_disabled. When u_disabled is equal to "y", the account is disabled. When u_disabled is equal to "n", the account is active.
Solution
- Create a mask attribute mapping for Directory A.
- Name
-
IsDisabled
- Mapping Type
-
Mask
- Definition
-
AccountStatus:2
The definition indicates that the bit pattern is stored in AccountStatus, and the bit mask is 2 (decimal).
- Create a expression attribute mapping for Directory B.
- Name
-
IsDisabled
- Mapping Type
-
Expression
- Definition
-
(u_disabled = "y")
u_disabled is a Boolean expression.
When referencing Directory A, the bit pattern determines if a user is disabled. When referencing Directory B, the expression determines if a user is disabled.
|
Copyright © 2012 CA.
All rights reserved.
|
|
