Multiple user directories in a SiteMinder environment often store the same user attributes, but use different underlying schema to identify them. In this example, a retail clothing company uses two user directories of different types. Directory A is an internal LDAP user directory for employees only. Directory B is an ODBC user directory for customers only. Each user attribute mapping is specific to the user directory in which it is defined.
The following table details how Directory A and Directory B use different underlying schema to identify the same user information. The accompanying use cases explain how you can use different attribute mappings to define a universal schema that creates a common view of the same user information, thereby making the directories operationally identical from a SiteMinder perspective.
Attribute Description |
Directory A (LDAP) |
Directory B (ODBC) |
The first name of users |
givenname |
u_first_name |
The last name of users |
surname |
u_last_name |
The sort name of users (last name, first name) |
The user directory does not uniquely store the user attribute. |
sort_name |
Is the user a customer? |
group:cn=customer,ou=groups,o=acme.com |
Users are always customers |
Is the user account disabled? |
The user directory has an AccountStatus attribute, which is a set of flags. The second bit indicates a disabled account. |
u_disabled |
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |