Setting up the mapping array for synchronization settings

Use this variable to set up the basic synchronization parameters.

mapping-attributes-basic

Set up the basic subject details from the Directory.

  • GUID – subject GUID.

  • modifyTimestamp – timestamp showing when the subject was last synchronized.

  • type – name of the attribute that determines the subject type (user/group/role).

  • DN_NAME – unique user name.

Example:

'mapping-attributes-basic'=>array(
    'GUID'              => 'GUID',
    'modifyTimestamp'   => 'modifyTimestamp',
    'type'              => 'objectClass',
    'DN_NAME'           => 'cn'
  ),

mapping-attributes-type

Sets up the attributes to determine a subject unambiguously. If a user has additional attributes, they need to be added in the array as additional standalone items.

Example:

'user' => array('inetOrgPerson', 'person' )

Example:

'mapping-attributes-type'=>array(
    'user' => 'person', //attribute for users
    'group' => 'group',
    'role' => 'role'
  ),

mapping-attributes-type-add

Set up the items for the attribute determining the subject type.

Example:

'mapping-attributes-type-add'=>array(
    'user' => array(),
    'group' => array(),
    'role' => array()
  ),

In the Directory, it is mandatory to fill them in.

Example:

'mapping-attributes-type-add'=>array(
    'user' => array( 'top' => 'objectClass[0]', 'type' => 'objectClass[1]', 'organizationalPerson' => 'objectClass[2]', 'user' => 'objectClass[3]' ),
    'group' => array( 'top' => 'objectClass[0]' ),
    'role' => array( 'top' => 'objectClass[0]' )
  ),

mapping-attributes-type-members

Set up the name of the relations attribute (membership in groups and roles).

Example:

'mapping-attributes-type-members'=>array(
    'group' => 'member',
    'role' => 'member'
  ),

mapping-attributes-type-membersof

Set up the name of the attribute that determines which subjects the current subject is a member of. In most cases this item is commented out, because its values might not be consistent with the values in mapping-attributes-type-members, which are also more accurate.

Example:

'mapping-attributes-type-membersof'=>array(
    'user' => 'groupMembership',
    'group' => 'equivalentToMe',
    'role' => 'equivalentToMe'
  ),

mapping-filter

Use this item to set up a basic filter for LDAP.

Example:

'mapping-filter'=> "(|(objectClass=inetOrgPerson)(objectClass=groupOfNames)(objectClass=organizationalRole))"

arr_basedn_filter

This part is used to set up various filters, basedn and the type for LDAP (ldap_search/ldap_read/ldap_list).

  • name_group – name of the group that will contain all synchronized subjects

  • what_sync – selects what to synchronize: users (1), groups (2), roles (3) and memberships (4).

Examples:

To synchronize users and groups:

'what_sync' => 12

To select all items in the whole Directory, simply enter:

'basedn' => ' ',

To enable all users, set the value of is_enabled_user to true:

'is_enabled_user' => true,

To disable all users, set the value to false:

'is_enabled_user' => false,

If you do not specify any basedn, the default value will be used automatically.

Example:

array(
    'basedn' => 'o=TEST',
    'filter' => "(|(objectClass=inetOrgPerson) )",
    'ldap_type' => 'ldap_search'
  ),

array(
    'basedn' => 'o=TEST-test',
    'filter' => "(|(objectClass=groupOfNames) )",
    'ldap_type' => 'ldap_read'
  ),

array(
    'basedn' => 'o=TEST-test',
    'filter' => "(|(objectClass=organizationalRole) )",
    'ldap_type' => 'ldap_list'
  ),

mapping-none-name

Use this item to determine which names not to synchronize.

Example:

'mapping-none-name'=>array(
    'user' => array('admin','Administrator'),
    'group' => array('Guests', 'Users', 'Print Operators', 'Backup Operators', 'Replicator', 'Remote Desktop Users', 'Network Configuration Operators', 'Performance Monitor Users', 'Performance Log Users', 'Distributed COM Users', 'IIS_IUSRS', 'Cryptographic Operators', 'Event Log Readers', 'Certificate Service DCOM Access', 'Server Operators', 'Account Operators', 'Pre-Windows 2000 Compatible Access', 'Incoming Forest Trust Builders', 'Windows Authorization Access Group', 'Terminal Server License Servers', 'Terminal Server License Servers3'),
    'role' => array()
  ),

Setting up the prefix and suffix

Use this item to set up a prefix and suffix to add to a subject name, or comment it out to keep the subject name the same as in the Directory.

Example:

'mapping-sufix-prefix-name'=>array(
    'user' => 'ad_%name%_da', // attaches ad_ and _da to the login name. Example: Login name John will, during first synchronization, become ad_John_da
    'group' => 'default', // the synchronization name will be added to the name prefix. If the synchronization is named ED and the group FS, on first synchronization it will become ED_FS.
    'role' => NULL // the name will match the one in the Directory
  ),
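
The following dry run is an added illustration, not the product's own code. It shows how what_sync, mapping-none-name and mapping-sufix-prefix-name together decide whether a subject is synchronized and under which name, so that you can confirm privileged built-in accounts stay excluded before the first synchronization. The function name preview_sync_name, the sample subjects and the synchronization name ED are constructed for the example; reading what_sync digit by digit and comparing excluded names case-insensitively are assumptions.

```php
<?php
// Illustration only: not the product's own code. Function names, the sample
// subjects and the synchronization name 'ED' are constructed for this example.
$config = array(
    'what_sync' => 12, // users (1) and groups (2)
    'mapping-none-name' => array(
        'user'  => array('admin', 'Administrator'),
        'group' => array('Guests', 'Users'),
        'role'  => array()
    ),
    'mapping-sufix-prefix-name' => array(
        'user'  => 'ad_%name%_da',
        'group' => 'default',
        'role'  => NULL
    )
);

// Returns the name a subject would be stored under, or NULL if it is skipped.
function preview_sync_name(array $config, $syncName, $type, $name)
{
    $digit = array('user' => '1', 'group' => '2', 'role' => '3');
    // Assumption: what_sync is read digit by digit, as the value 12 suggests.
    if (!isset($digit[$type]) || strpos((string)$config['what_sync'], $digit[$type]) === false) {
        return NULL;
    }
    // Assumption: excluded names are compared case-insensitively.
    $skip = isset($config['mapping-none-name'][$type]) ? $config['mapping-none-name'][$type] : array();
    foreach ($skip as $excluded) {
        if (strcasecmp($excluded, $name) === 0) {
            return NULL;
        }
    }
    $rules = isset($config['mapping-sufix-prefix-name']) ? $config['mapping-sufix-prefix-name'] : array();
    $rule = isset($rules[$type]) ? $rules[$type] : NULL;
    if ($rule === NULL) {
        return $name;                       // same as in the Directory
    }
    if ($rule === 'default') {
        return $syncName . '_' . $name;     // synchronization name as prefix
    }
    return str_replace('%name%', $name, $rule);
}

$subjects = array(array('user', 'John'), array('user', 'Administrator'),
                  array('group', 'FS'), array('group', 'Guests'), array('role', 'Auditor'));
foreach ($subjects as $s) {
    $result = preview_sync_name($config, 'ED', $s[0], $s[1]);
    echo $s[0] . ' ' . $s[1] . ' => ' . ($result === NULL ? '(not synchronized)' : $result) . "\n";
}
```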