Well, your statements are a bit confusing for me.
What I understand is that you have an extended attribute “employeeID” in IDM, the same as AccountId in IDM; what you want is to map employeeID of IDM to some employeeID attribute in LDAP and AD, and both AD and LDAP have their separate IDs.
In the resource schema map you can map the attributes for both AD and LDAP. And account IDs could be different as well, depending on your setting.
In my case I mapped (for LDAP):
accountId === uid
employeeID === employeeNumber
Identity Template is:
Thanks. Sorry for the confusion. What I am trying to do is:
1. Although I'd like to map using one particular attribute, say accountID in IdMgr to accountID in LDAP or AD, I'd like the user to log in to LDAP or AD using some other attribute (say a login name attribute, i.e. DN is loginname=abcd, ou=people, dc=companyname, dc=com).
2. Can I do a one-to-many mapping from IdMgr to the LDAP or AD resources in the above case also? I.e. one IDMgr account mapping to multiple accounts on the same LDAP or AD resource.
Correlation using a different attribute is fine. Now, can I do a one-to-many mapping from IdMgr to the LDAP or AD resources also? I.e. one IDMgr account mapping to multiple accounts on the same LDAP or AD resource at the same time. Moreover, both accounts can be provisioned and deprovisioned separately and can also go through different resource approval processes. We can make them active or inactive separately as well. Any idea?
User login depends on your login modules. By default it is set to waveset; that's why we log in by user accountId in IDM.
You can configure the login module so that you can use AD ID or LDAP ID to log in.
In my application the user can log in with IDM ID or LDAP email (which is the user email); here, in my case, LDAP UID is the user email.
So our users either log in with IDM ID or their email ID and LDAP password.
Please read how to set login modules.