CA SiteMinder® Federation Standalone Guide › User Directory Connections for Authentication › Create a Common View of the Same User Information Across Directories › Establish Connections to User Directories › Group Name Use Case

Group Name Use Case

This use case shows two LDAP user directories, which use different underlying schema to identify users that belong to an Administrator group.

Note: Review the advanced user attribute mapping examples, which detail how to use different attribute mapping types to identify the same user attribute across different directory types.

The following illustration details how two group name attribute mappings can create a common view of the same user information.

1. Two user directories identify membership to the administrator group differently:
   • Directory A identifies membership in the administrator group as cn=Administrators,ou=groups,o=acme.com.
   • Directory B identifies membership in the administrator group as cn=Admin,ou=groups,o=acme.com.

   This results in two different views of the same user information.

2. IsAdmin is the common name that is mapped to the underlying directory schema:
   • IsAdmin is mapped to cn=Administrators,ou=groups,o=acme.com in Directory A.
   • IsAdmin is mapped to cn=Admin,ou=group,o=acme.com in Directory B.

IsAdmin results in a common view of the administrator group. You can reference IsAdmin when defining assertion attributes or NameID attributes that apply to the Administrator group. The system has no concern for the directory-specific schema because the directories are operationally identical.

More information:

Advanced User Attribute Mapping Examples