

Legacy Directory Mapping Configuration

Legacy directory mapping maps the authentication directory to an authorization or a validation directory using an Identical DN or a Universal ID.

The two types of legacy directory mapping methods are:

If an Auth/Az or AuthValidate mapping is configured, the Policy Server first attempts to use the session user directory to locate a user, then uses the specified mapping mechanism only if the user is not found in the session user directory.

How to Configure an Authentication and Authorization Directory Mapping

Configuring an Auth/Az directory mapping is a two-step process:

  1. Configure the directory mapping.
  2. Assign an authorization directory to a realm.

Configure a Directory Mapping

To authenticate users against one directory and authorize users against another directory, configure a directory mapping.

Follow these steps:

  1. Click Infrastructure, Directory.
  2. Click Auth/Az Mapping.
  3. Click Create Directory Mapping.
  4. Select the authentication and authorization directories from the respective lists.
  5. Select the Identical DN or Universal ID.

    Important! The directory mapping is successful only if the Universal ID points to a single entry in the authorization directory.

  6. Click Submit.

    The Create Directory Mapping task is submitted for processing.
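A pre-flight check for the single-entry requirement on Universal ID mappings, as an added example that is not part of the product documentation. It assumes the authorization directory has been exported to LDIF and that `employeeNumber` is the Universal ID attribute; the function names and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: LDIF export of the authorization directory.
# Using "employeeNumber" as the Universal ID attribute is an assumption.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
employeeNumber: 1001

dn: uid=bob,ou=people,dc=example,dc=com
employeeNumber: 1002

dn: uid=bob2,ou=contractors,dc=example,dc=com
employeeNumber: 1002

dn: uid=carol,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry. Base64 ('::') values are not decoded."""
    unfolded = text.replace("\n ", "")  # undo RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs[name.lower()].append(value.strip())
        if dn:
            yield dn, attrs

def audit_universal_ids(ldif_text, uid_attr, expected_ids):
    """Return (ambiguous, missing): IDs on more than one entry, and IDs on none."""
    index = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        for value in attrs.get(uid_attr.lower(), []):
            index[value].append(dn)
    ambiguous = {uid: dns for uid, dns in index.items() if len(dns) > 1}
    missing = sorted(uid for uid in expected_ids if uid not in index)
    return ambiguous, missing

if __name__ == "__main__":
    # expected_ids: Universal IDs taken from the authentication directory
    amb, miss = audit_universal_ids(SAMPLE_LDIF, "employeeNumber", ["1001", "1002", "1003"])
    print("ambiguous:", amb)
    print("missing:", miss)
```

Any ID reported as ambiguous or missing is one for which the Universal ID does not point to a single entry in the authorization directory.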

More information:

Universal IDs

Assign an Authorization Directory to a Realm

Assign a directory mapping to a realm. The Policy Server uses the authorization directory that is specified in the realm to authorize users.

Follow these steps:

  1. Open the realm to which you want to assign a directory mapping.
  2. From the Directory Mapping list, select the user directory that the realm can use to authorize an authenticated user.

    The default value indicates that there is no directory mapping. The authentication directory is used as the authorization directory when a user attempts to access a resource in the realm. The list only contains user directories that are configured as authorization directories in an existing directory mapping.

    Important! You can map only one authorization directory per realm.

  3. Click Submit.

    The Policy Server saves the directory mapping. Users that access the realm authenticate normally and authorize against the directory that is specified in the realm.

More information:

Configure a Realm

How to Configure an AuthValidate Directory Mapping

AuthValidate Directory Mapping is an extension of authentication and authorization directory mapping. Both types of directory mapping let users authenticate against one user directory and authorize against another user directory. In both cases, the directory mapping type can be further specified as Identical DN or Universal ID.

AuthValidate directory mapping extends authentication and authorization directory mapping in three ways:

Configure an AuthValidate Directory Mapping

To authenticate users against one directory and validate users against another directory, configure an AuthValidate directory mapping.

Note: The AuthValidate mappings are global.

Follow these steps:

  1. Click Infrastructure, Directory.
  2. Click AuthValidate Directory Mappings.
  3. Click Create AuthValidate Directory Mapping.
  4. Type the name of the directory that is used to authenticate users in the Authentication Directory field.
  5. Select the directory that is used to validate users from the Validation Directory list.
  6. Select a mapped DN from the available options.
  7. Click Submit.

    The AuthValidate Directory Mapping task is created.