How do we map IDs in Identity Manager? I.e., if I have employeeID as the primary ID in Identity Manager to identify a user, how can I map the user using some other ID to an LDAP and AD resource (say userID identifies the user in LDAP and adid identifies the user in AD)? I.e., I want to link the user's employeeID in idmanage to employeeID in AD and LDAP, but the user will be identified in AD and LDAP with the userID and adid respectively. Can I link the same employeeID in IdMgr to multiple userIDs in LDAP and also multiple adids in AD at the same time? Any idea?
Well, your statements are a bit confusing for me.
What I understand is that you have an extended attribute “employeeID” in IDM, the same as AccountId in IDM; what you want is to map the employeeID of IDM to some employeeID attribute in LDAP and AD, and both AD and LDAP have their separate IDs.
In the resource schema map you can map the attributes for both AD and LDAP. And account IDs could be different as well, depending on your setting.
In my case I mapped (for LDAP):
accountId === uid
employeeID === employeeNumber
Identity Template is:
Thanks. Sorry for the confusion. What I am trying to do is:
1. Although I'd like to map using one particular attribute, say accountID in IdMgr to accountID in LDAP or AD, I'd like the user to log in to LDAP or AD using some other attribute (say a login name attribute, i.e. the DN is loginname=abcd, ou=people, dc=companyname, dc=com).
2. Can I do a one-to-many mapping from IdMgr to the LDAP or AD resources in the above case also? I.e., one IdMgr account mapping to multiple accounts on the same LDAP or AD resource.
Correlation using a different attribute is fine. Now, can I do a one-to-many mapping from IdMgr to the LDAP or AD resources also? I.e., one IdMgr account mapping to multiple accounts on the same LDAP or AD resource at the same time. Moreover, both accounts can be provisioned and deprovisioned separately and can also go through different resource approval processes. We can make them active or inactive separately as well. Any idea?
Moreover, can we map multiple IDs in Identity Manager? I.e., if I normally log in to Identity Manager with my user ID, can I also log in to the same account using another attribute in the user record, say employeeID? Thx
User login depends on your login modules. By default it is set to waveset; that's why we log in by user accountId in IDM.
You can configure the login module so that you can use the AD ID or LDAP ID to log in.
In my application, users can log in with the IDM ID or LDAP email (which is the user's email); here, in my case, the LDAP UID is the user's email.
So our users log in with either the IDM ID or their email ID and LDAP password.
Please read how to set login modules.