Mapping Ldap And Liberty Attributes - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

Identity server guide

Signature Algorithm: The signature algorithm to use for signing the payload.
5 Click OK, then update the Identity Server configuration as prompted.

10.9 Mapping LDAP and Liberty Attributes

You can create an LDAP attribute map or edit an existing one. Attribute mapping involves
specifying how single-value and multi-value data items map to single-value and multi-value LDAP
attributes. A single-value attribute can contain no more than one value, and a multi-value attribute
can contain more than one. An example of a single-value attribute might be a person's gender, and
an example of a multi-value attribute might be a person's various e-mail addresses, phone numbers,
or titles.
The following fields are common among all attribute maps and are defined here:

Type: Specifies the map type. Access Manager comes with a predefined "one-to-one" mapping type
for the Liberty profiles of Personal, Employee, and General. However, the following sections
describe how to create additional map types:

    Section 10.9.1, "Configuring One-to-One Attribute Maps"
    Section 10.9.2, "Configuring Employee Type Attribute Maps"
    Section 10.9.3, "Configuring Employee Status Attribute Maps"
    Section 10.9.4, "Configuring Postal Address Attribute Maps"
    Section 10.9.5, "Configuring Contact Method Attribute Maps"
    Section 10.9.6, "Configuring Gender Attribute Maps"
    Section 10.9.7, "Configuring Marital Status Attribute Maps"

Name: The name you want to give the map.

Description: A description of the map.

Access Rights: A drop-down menu that provides the broadest control for the page. If you set this to
Read/Write, you can specify rights for individual data items.
In order for user provisioning to succeed, you must select Read/Write from the Access Rights
drop-down menu for any maps that use an attribute during user provisioning.

User Stores: The user store that a map applies to. If a user logs into a user store that is not in the
map's user store list, that map is not used to read or write attributes for that user.

LDAP Attribute Name: The LDAP attribute name that you want to map to the Liberty attribute.

LDAP Attribute Value: The predefined LDAP attribute values that you want to map to the Liberty
values. These LDAP values are those you want to store in the LDAP attribute for each given Liberty
attribute value. The LDAP attribute map then maps the actual Liberty URI value, back and forth, to
this supplied value. Values must match the attribute exactly as it appears in the directory. For
example, "givenName" must be entered as "givenName" in the text field or the mapping does not
work.
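
The rules above (exact attribute-name match, Read/Write for provisioning, user store scoping) can be checked before a map is deployed. The following is an added example, not code from the Novell manual or from Access Manager; the `AttributeMap` model, the function names, the "Read Only" label and all sample data are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: attribute names exactly as they appear in the directory.
DIRECTORY_ATTRS = {"givenName", "sn", "mail", "telephoneNumber"}

@dataclass
class AttributeMap:              # hypothetical model of the common map fields
    name: str
    access_rights: str           # "Read/Write", or an assumed "Read Only" label
    user_stores: list            # user stores the map applies to
    ldap_attrs: list             # LDAP Attribute Name entries
    used_in_provisioning: bool = False

def lint_map(m, directory_attrs=DIRECTORY_ATTRS):
    """Return a list of findings for one map; an empty list means it passes."""
    findings = []
    by_lower = {a.lower(): a for a in directory_attrs}
    for attr in m.ldap_attrs:
        if attr in directory_attrs:
            continue                              # exact match, mapping works
        near = by_lower.get(attr.strip().lower())
        if near:                                  # differs only in case or spacing
            findings.append(f"{m.name}: '{attr}' must be entered exactly as '{near}'")
        else:
            findings.append(f"{m.name}: '{attr}' not found in directory")
    if m.used_in_provisioning and m.access_rights != "Read/Write":
        findings.append(f"{m.name}: provisioning needs Access Rights = Read/Write")
    if not m.user_stores:
        findings.append(f"{m.name}: no user store listed, map is never used")
    return findings

def applies_to(m, login_user_store):
    """A map is only consulted for users who logged in to a listed user store."""
    return login_user_store in m.user_stores

# Constructed sample maps: the second one has two mistakes.
SAMPLE_MAPS = [
    AttributeMap("personal", "Read/Write", ["corp-ldap"], ["givenName", "sn"], True),
    AttributeMap("employee", "Read Only", ["corp-ldap"], ["givenname", "mail"], True),
]

if __name__ == "__main__":
    for m in SAMPLE_MAPS:
        for finding in lint_map(m) or [f"{m.name}: ok"]:
            print(finding)
```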
This manual is also suitable for:

Access manager 3.1 sp1
