Version: 1.5
Category: Process
Extended Category: LDAP
Action Package: Standard Actions
Description
Search for and replace a DN attribute with a matching LDAP DN. This is ,for example, used for synchronizing group members between different directories. The search uses the naming attribute of the existing DN to find a match to the specified LDAP attribute on a new DN object. The full DN of the matched object replaces the existing DN value. This works for both single and multivalue session attributes.
|
Parameter |
Description |
Example |
|
Target Data Source |
Select an LDAP data source |
OpenDJ |
|
Search Base DN |
The search base for matching objects. |
O=CompanyName |
|
Session DN Attribute to Replace |
The session object DN attribute to replace by matching with LDAP. |
MatchedDN |
|
Match Value to LDAP Attribute |
The LDAP object attribute to match against the session object value. |
memberOf |
|
Optional Search Filter |
An optional LDAP search filter to append. |
(&(cn=*)(objectclass=group)) |
|
Remove or Ignore Unmatched Values |
Should unmatched values be ignored or removed from the session attribute? (remove or ignore, default: remove). |
ignore |
Use Cases
Example 1: Replace Groups from AD with groups from OpenDJ
This action will replace the current user group memberships with matched groups for a different directory. Groups that doesn’t exist in the other directory will be dropped from the session attribute memberOf.
|
Parameter |
Value |
|
Target Data Source |
OpenDJ |
|
Search Base DN |
ou=Internal Users,o=Company |
|
Session DN Attribute to Replace |
memberOf |
|
Match Value to LDAP Attribute |
cn |
|
Optional Search Filter |
[BLANK] |
|
Remove or Ignore Unmatched Values |
[BLANK] |
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se