Configuring a group mapping with attribute mappings
About this task
You can use an attribute mapping with a DN map to synchronize groups across server domains. In this task, a DN attribute mapping is used so that the target attribute receives its values directly from a source attribute that stores DN values with the added benefit of using a DN map for translating the group DNs. For more information on available attribute mappings, see About attribute mappings.
Steps
-
Use
dsconfigto configure a DN map between groups.Example:
This example involves mapping an Active Directory group to a PingDirectory group.
$ bin/dsconfig --no-prompt create-dn-map \ --map-name "AD-PD map" \ --set "from-dn-pattern:*,**,dc=example,dc=com" \ --set "to-dn-pattern:uid={1},{2},dc=example,dc=com" \ --port 1389 \ --bindDN "uid=admin,dc=example,dc=com" \ --bindPassword secret -
Use the
create-attribute-mappingcommand to create an attribute mapping.Example:
This example creates an attribute mapping from the
memberattribute in Active Directory to thememberattribute in PingDirectory.$ bin/dsconfig --no-prompt create-attribute-mapping \ --mapping-name "AD-PD attr mapping" \ --dn-map "AD-PD map" \ --type dn \ --set "description:{member}>{member} attr mapping" \ --set from-attribute:{member} \ --set to-attribute:{member}If you have not already configured a DN map between the source and destination groups, you can configure a map within the
--dn-mapoption when creating the attribute mapping. The DN map object contains the syntax for mapping the source DN to the destination DN.If you add specific attributes to the
auto-mapped-source-attributesproperty in the sync class, those attributes will be automatically synced as long as their value formats do not change from the source to the destination server.