About attribute mappings
Attribute mappings define how the values of a single destination attribute are determined.
The destination attribute in an attribute mapping can be derived from a direct mapping with a source attribute, constructed from a combination of hard-coded strings and elements of other attributes, or generated using custom Java class code. All attribute mapping types support the following properties.
Property | Description | ||
---|---|---|---|
|
Specifies the name of the attribute whose values are constructed by the mapping. This property is required. |
||
|
Describes the attribute mapping. This property is optional. |
||
|
Specifies a list of values to exclude from the destination attribute after applying the mapping. This property is optional. |
||
|
Specifies the source attributes that trigger an update to the relevant destination attributes when changed, regardless of changes to attributes the mapping directly depends on. This property is optional. |
||
|
Synchronizes the value of This property is optional.
|
Use the |
The PingDataSync server supports the following attribute mappings:
- JSON attribute mapping
-
Use for a destination JSON attribute whose JSON field values are constructed by defining JSON attribute mapping field configuration objects. If any field value cannot be constructed, either because of the required source attributes not being present or the resulting value being invalid, that field is omitted from the constructed JSON attribute. The following example creates a JSON attribute mapping with the field
formatted
from thecn
attribute:$ bin/dsconfig create-attribute-map \ --map-name PingDirectory_to_PingOne_User_Map
$ bin/dsconfig create-attribute-mapping \ --map-name PingDirectory_to_PingOne_User_Map \ --mapping-name name \ --type json
$ bin/dsconfig create-json-attribute-mapping-field \ --map-name PingDirectory_to_PingOne_User_Map \ --mapping-name name \ --field-name formatted \ --set from-attribute:cn \ --set json-type:string
If any existing JSON fields of the destination attribute must be preserved, a JSON attribute configuration object must be created for the sync class.
- Constructed attribute mapping
-
Use when a destination attribute’s values are constructed from static text and multiple source attribute values. The source attribute values can be modified using regular expressions and replacement values. You can use a constructed attribute mapping to provide a fixed set of attribute values or to augment existing attribute values with additional fixed values. Constructed attribute mappings support the following properties.
Property Description value-pattern
Specifies a pattern for constructing the destination attribute value using fixed text and attribute values from the source entry.
You can’t have more than one multivalued attribute. If an attribute is multivalued, the destination value takes the same number of values minus duplicates.
For example, a mapping of
{givenName}{sn}
produces values of'Jim Smith', 'James Smith'
ifgivenName
has values of'Jim', 'James'
andsn
has a value of'Smith'.
This property is optional.
conditional-value-pattern
Specifies a pattern for conditionally constructing the destination attribute value using fixed text and attribute values from the source entry. The pattern constructs the destination attribute only if the specified LDAP filter matches the source entry. The value of this property has the form
LDAP-filter : pattern
.The LDAP filter is similar to what you can pass to the
ldapsearch
command. For example, if you want to select theadmin-user-name
attribute from the source only if theis-admin
attribute has a value oftrue
, you can use a value pattern of(is-admin=true) : {admin-user-name}
.This property is optional.
- Direct attribute mapping
-
Use when a destination attribute receives its values directly from a source attribute. To use a direct attribute mapping, the attribute values must not change in format from the source to the destination. Direct attribute mappings support the following properties.
Property Description from-attribute
Specifies the name of the source attribute whose values are used to provide the values of the destination attribute.
This property is required.
base64-encode-value
Encodes the source attribute with base-64 before synchronizing it to the destination.
This property is optional.
base-64-decode-value
Decodes the source attribute from base-64 before synchronizing it to the destination.
This property is optional.
- DN attribute mapping
-
Use when a destination attribute receives its values directly from a source attribute whose distinguished name (DN) values require translation. This translation can be performed either by an existing DN map or a map configured within the attribute mapping itself. For an example of using a DN attribute mapping to map groups, see Configuring a group mapping with attribute mappings. DN attribute mappings support the following properties.
Property Description from-attribute
Specifies the name of the source attribute whose values are used to directly provide the values of the destination attribute.
This property is required.
dn-map
Constructs the destination DN value using components of the source DN and attributes from the source entry. If source DNs match different DN patterns, you can specify multiple DN maps.
This property is optional.