--- title: Configure DN maps description: Similar to attribute maps, DN maps define mappings when destination DNs differ from source DNs. These differences must be resolved using DN maps in order for synchronization to successfully take place. For example, the Sync Source could have a DN in the following format: component: pingdirectory version: 11.0 page_id: pingdirectory:pingdatasync_server_administration_guide:pd_sync_config_dn_maps canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdatasync_server_administration_guide/pd_sync_config_dn_maps.html revdate: September 13, 2023 page_aliases: ["pd_sync_config_dn_map_dsconfig.adoc"] section_ids: configuring-a-dn-map-by-using-dsconfig: Configuring a DN map by using dsconfig about-this-task: About this task steps: Steps --- # Configure DN maps Similar to attribute maps, DN maps define mappings when destination DNs differ from source DNs. These differences must be resolved using DN maps in order for synchronization to successfully take place. For example, the Sync Source could have a DN in the following format: ``` uid=jdoe,ou=People,dc=example,dc=com ``` The Sync Destination could have the standard X.500 DN format. DN mappings allow the use of wildcards for DN transformations. A single wildcard (`*`) matches a single RDN component and can be used any number of times. The double wildcard (`**`) matches zero or more RDN components and can be used only once. | | | | - | --------------------------------------------------------------------- | | | If a literal '\*' is required in a DN, it must be escaped as `'\2A'`. | The wildcard values can be used in the `to-dn-pattern` attribute using {1} to replace their original index position in the pattern, or {attr} to match an attribute value. For example: ``` *,**,dc=com->{1},ou=012,o=example,c=us ``` For example, using the DN, `uid=johndoe,ou=People,dc=example,dc=com`, and mapping to the target DN, `uid=johndoe,ou=012,o=example,c=us`: * `"*"` matches one RDN component, `uid=johndoe` * `"**"` matches zero or more RDN components, `ou=People,dc=example` * `"dc=com"` matches `dc=com` in the DN. The DN is mapped to the `{1},ou=012,o=example,c=us`. `"{1}"` substitutes the first wildcard element `"uid=johndoe"`, so that the DN is successfully mapped to: ``` uid=johndoe,ou=012,o=example,c=us ``` Regular expressions and attributes from the user entry can also be used in the `to-dn-pattern` attribute. For example, the following expression constructs a value for the `uid` attribute, which is the RDN, out of the initials (first letter of given name and `sn`) and the employee ID (the `eid` attribute) of a user. ``` uid={givenname:/^(.)(.*)/$1/s}{sn:/^(.)(.*)/$1/s}{eid},{2},o=example ``` | | | | - | -------------------------------------------------------------------------------------- | | | PingDataSync automatically validates any DN mapping before applying the configuration. | ## Configuring a DN map by using `dsconfig` ### About this task You can configure a DN map by using `dsconfig`, either with the interactive DN Map menu, or from the command line. Perform the following to configure a DN map: ### Steps 1. Use `dsconfig` to create a DN map for PingDataSync. ```shell $ bin/dsconfig --no-prompt create-dn-map \ --map-name nested-to-flattened \ --set "from-dn-pattern:*,**,dc=example,dc=com" \ --set "to-dn-pattern:uid={1},{2},dc=example,dc=com" \ --port 1389 \ --bindDN "uid=admin,dc=example,dc=com" \ --bindPassword secret ``` 2. After DN mappings are configured, add the new DN map to a new Sync Class or modify an existing Sync Class. ```shell $ bin/dsconfig --no-prompt set-sync-class-prop \ --pipe-name test-sync-pipe \ --class-name test-sync-class \ --set dn-map:test-dn-map \ --port 389 --bindDN "uid=admin,dc=example,dc=com" \ --bindPassword secret ```