Mapping Attributes 

Use

You can use any schema on the corporate LDAP directory where you store your central user data. However, if you are using the Java API of the user management component of the Enterprise Portal to access user data on your LDAP directory, you must map the attribute names used in the schema of your corporate LDAP directory to the attribute names used by the Java API of the user management component.

The attribute for email address is named 'E-mail' in the schema for your corporate LDAP directory, but the logical attribute used by the user management component is named 'email'. You must map 'e-mail' to 'email' in the configuration file.

A default version of the XML file with attribute mapping data is shipped with the Enterprise Portal. This default file maps the attributes of the Java User Management API to the attributes used for the schema InetOrgPerson in the X.500 standard. If you use this standard without any modifications, you will not need to change the attribute mapping data.

Prerequisites

You have defined a schema for the corporate LDAP directory where you store your central user data. This schema is different to the schema used for organizationPerson in the X.500 standard.

You have configured the location of your central user data repository as described in Defining Location of Central User Data Repository.

You are familiar with XML.

Procedure

...

      1.      Open the repository configuration file called repository_configuration.xml at <servlet_engine>\web-inf\plugins\portal\services\usermanagement\data, where <servlet_engine> refers to the Java iView Runtime servlet engine.

This file contains configuration data that you configured in the configuration tool. It also contains default attribute mapping data.

      2.      In the searchfilter tag of the user, group, or role section, define the name of the object class for which you are mapping the attributes.

For example, if you are using the objectclass Person, you have to change the searchfilter as follows:

<searchfilter>

<![CDATA[ (&(objectclass=person))]]>

</searchfilter>

      3.      Make sure that the naming attribute of your objectclass is defined in the primary key.

For example, if you are using objectclass Person, you have to change the primarykey tag to cn.

<primarykey>cn</primarykey>

      4.      Modify the default attribute-mapping data to map the attributes in your corporate LDAP directory to the logical attributes in the Java User Management API. The 'logicalattributename' tag refers to the name of the attribute in the API. The 'physicalattributename' tag refers to the name of the attribute in the schema of your corporate LDAP directory.

If an attribute is not mapped, the API will not have access to this data.

The following table lists the set of attribute names used in the API. These attribute names can also be found in the API in the interfaces IUser and IUMPrincipal.

Name of Attribute in API

city

company

country

currency

dateformat

department

email

fax

firstname

lastname

locale

mobile

pobox

position

preferredlanguage

salutation

state

streetaddress

telephone

timezone

title

zip

description

displayname

 

      5.      Save the file.

 

Result

The Java User Management API can access the attributes that have been mapped on your corporate LDAP directory server.

 

Example

The following is an example of the first section of the repository configuration file. The first part consists of information from the security and user management configurations that is automatically written to this file. You should not modify this part of the file. The second part contains attribute mapping data.

 

<repository alias="Corporate Authentication Server">

<adapterclass>com.sapportals.portal.security.usermanagement.UserPersistenceJNDI</adapterclass>

<additionaldata>optional</additionaldata>

<user>

<root>ou=People,o=wdf.sap-ag.de</root>

<authentication>simple</authentication>

<login>cn=Directory Manager</login>

<password>5VH+IO8hNYrCyw==</password>

<access>r</access>

<servername>p60655</servername>

<serverport>389</serverport>

<searchfilter><![CDATA[(&(objectclass=inetorgperson))]]> </searchfilter>

<primarykey>uid</primarykey>

<attributes>

<attribute>

<logicalattributename>displayname</logicalattributename>

<physicalattributename>displayname</physicalattributename>

</attribute>

<attribute>

<logicalattributename>lastname</logicalattributename>

<physicalattributename>sn</physicalattributename>

</attribute>

<attribute>

<logicalattributename>firstname</logicalattributename>

<physicalattributename>givenname</physicalattributename>

</attribute>