Previous Topic: Changing Passwords Using Windows ToolsNext Topic: CA ACF2 Connector

Connector GuidesConnectors GuideConnecting to EndpointsCA Access Control ConnectorPassword SynchronizationMapping Configuration from Windows

Mapping Configuration from Windows

The following two configuration files are an example of a conversion from Windows to CA Access Control. The information that you should modify is in italics.

;
; This configuration file is used by the CA IdentityMinder Windows Password 
; Synchronization Facility.
;
[Server]
host=<Provisioning Server host>
port=20389
use_tls=yes
admin_suffix=dc=<domain suffix>
admin=etaadmin
password=k4tpGDJ8Djg=

;; CA IdentityMinder domain information
;;
;; If the search fails, and the container dn is specified, the account dn is
;; constructed as "<acct_attribute_name>=<native acct name>,<container dn>".
;; The container DN should contain "dc=eta".
;;
[EtaDomain]
domain=<domain name>
etrust_suffix="dc=eta"
domain_suffix=dc=<domain suffix>
Namespace=Windows NT
directory=chete03

directory_dn=eTN16DirectoryName=chete03,eTNamespaceName=Windows NT,dc=129-731-CHOPIN,dc=eta
container_dn=eTN16AccountContainerName=Accounts,eTN16DirectoryName=chete03,eTNamespaceName=Windows NT,dc=129-731-CHOPIN,dc=eta
acct_attribute_name=eTN16AccountName
acct_object_class=eTN16Account

;
; This configuration file is used by the CA IdentityMinder Password Synchronization 
; Facility for CA Access Control
;

[Server]
host=<Provisioning Server host>
port=20389
use_tls=yes
admin_suffix=dc=<domain suffix>
admin=etaadmin
password=k4tpGDJ8Djg=

;; CA IdentityMinder domain information
;;
;; In order to find the account DN, a search operation will be performed, using
;; the directory dn as the search base, and objectClass and account name as the 
;; search filter.
;;
;; If the search fails, and the container dn is specified, the account dn is
;; constructed as "<acct_attribute_name>=<native acct name>,<container dn>".
;; The container DN should contain "dc=eta".
;;
;; Currently, domain, etrust_suffix, Endpoint Type, and directory keys are not used, 
;; because all DNs are hardcoded. The future enhancement is to provide "domain", 
;; "Endpoint Type" and, "directory name". CA IdentityMinder will find out the DNs based on 
;; the supplied information.

[EtaDomain]
domain=<domain name>
etrust_suffix="dc=eta"
domain_suffix=dc=<domain suffix>
Namespacee=Windows NT
directory=pmdb 
;; Directory name of the CA Access Control system
directory_dn=eTACCDirectoryName=pmdb,eTNamespaceName=Access Control,dc=129-731-CHOPIN,dc=eta
container_dn=eTACCAccountContainerName=Accounts,eTACCDirectoryName=pmdb,eTNamespaceName=Access Control,dc=129-731-CHOPIN,dc=eta
acct_attribute_name=eTACCAccountName
acct_object_class=eTACCAccount

;; Password Profile Configuration
;; profile_enabled = [yes|y|no|n] ---> Unknown values default to "no"
;; profile_dn = "<the DN of the password profile>"
[PasswordProfile]
profile_enabled = no
profile_dn = eTPasswordProfileName=Password Profile,eTPasswordProfileContainerName=Password Profile,eTNamespaceName=CommonObjects,dc=129-731-CHOPIN,dc=eta