Previous Topic: Create an Expression Attribute Mapping

Next Topic: First Name Use Case

Apply User Attribute Mapping

Multiple user directories in a SiteMinder environment often store the same user attributes, but use different underlying schema to identify them. In this example, a retail clothing company uses two user directories of different types. Directory A is an internal LDAP user directory for employees only. Directory B is an ODBC user directory for customers only. Each user attribute mapping is specific to the user directory in which it is defined.

The following table details how Directory A and Directory B use different underlying schema to identify the same user information. The accompanying use cases explain how you can use different attribute mappings to define a universal schema that creates a common view of the same user information, thereby making the directories operationally identical from a SiteMinder perspective.

Attribute Description

Directory A (LDAP)

Directory B (ODBC)

The first name of users

givenname

u_first_name

The last name of users

surname

u_last_name

The sort name of users (last name, first name)

The user directory does not uniquely store the user attribute.

sort_name

Is the user a customer?

group:cn=customer,ou=groups,o=acme.com

Users are always customers

Is the user account disabled?

The user directory has an AccountStatus attribute, which is a set of flags. The second bit indicates a disabled account.

u_disabled


Copyright © 2010 CA. All rights reserved. Email CA about this topic