Policy Server Guides › Policy Server Configuration Guide › User Directories › User Attribute Mapping › Define an Attribute Mapping › Group Name › Group Name Use Case
Group Name Use Case
This use case represents a basic scenario in which two LDAP user directories use different underlying schema to identify users that belong to an Administrator group.
Note: Advanced use cases are shown in the Apply Attribute Mapping section. The advanced use cases detail how you use different attribute mapping types to identify the same user attribute across different directory types.
The following illustration details how two group name attribute mappings can define a universal schema and create a common view of the same user information.
- Two user directories identify membership to the administrator group differently:
- Directory A identifies membership in the administrator group as cn=Administrators,ou=groups,o=acme.com.
- Directory B identifies membership in the administrator group as cn=Admin,ou=groups,o=acme.com.
This results in two different representations and views of the same user information.
- IsAdmin is the common name that is mapped to the underlying directory schema:
- IsAdmin is mapped to cn=Administrators,ou=groups,o=acme.com in Directory A.
- IsAdmin is mapped to cn=Admin,ou=group,o=acme.com in Directory B.
- IsAdmin results in a common view of the administrator group. You can reference IsAdmin when defining policies, expressions, or other objects that apply to the Administrator group, without concern for the directory-specific schema, because the directories are operationally identical. SiteMinder determines that IsAdmin is cn=Administrators,ou=groups,o=acme.com in Directory A and cn=Admin,ou=group,o=acme.com in Directory B.