What is LDAP Mapping?
Updated July 29, 2024 15:11

LDAP mapping refers to the process of configuring how attributes in an LDAP (Lightweight Directory Access Protocol) directory correspond to the attributes of a system or application. It involves defining how LDAP attributes such as usernames, email addresses and display names are mapped onto the attributes used within the target system.

How can I configure LDAP mapping?

To configure LDAP mapping, you provide the necessary settings and parameters in the LDAP configuration file. The configuration file includes properties such as the LDAP server URL, authentication details, the base Distinguished Name (DN), filters and unique identifiers. These settings define how LDAP attributes are mapped to the attributes used in your BOC product.

What are some important LDAP mapping properties?

Some important LDAP mapping properties include:

Attribute                  Description
provider_url               Specifies the URL of the LDAP directory server.
principal                  The login name of the principal user used to look up other users.
login_base_dn              The base DN under which the user objects are located.
login_filter               A filter containing a username placeholder, used to retrieve the required user object.
unique_identifier          One or more properties that serve as a unique identifier for internal use.
sync_base_dn               An optional parameter specifying the base DN for synchronization jobs.
sync_filter                An optional filter to narrow down the result set of a synchronization.
ignore_missing_objectSid   Specifies whether a missing objectSid on LDAP users is ignored.
referral                   Specifies the referral handling behavior.

What is the purpose of LDAP synchronization?

LDAP synchronization periodically synchronizes user data from the LDAP directory server to your system. It ensures that user information such as usernames, email addresses and group memberships stays up to date in your system.
Synchronization can be scheduled to run at specified intervals and helps keep user data consistent between LDAP and your application.

How can I schedule LDAP synchronization jobs?

LDAP synchronization jobs are scheduled by specifying the synchronization details in the LDAP configuration file. Each synchronization job includes properties such as a name, a filter (optional), a start node (optional) and a schedule type (e.g. daily, weekly, monthly). By defining multiple synchronization jobs, you can schedule different synchronization tasks according to your requirements.

Example

The "ldap" section of the configuration file:

"ldap": {
  "allow_client_action": false,
  "authentication_mode": "simple",
  "context_factory": "com.sun.jndi.ldap.LdapCtxFactory",
  "default_domain": "Domain1",
  "domains": [
    {
      "connection_timeout": "5000",
      "defaultConnector": "Standard Login",
      "ignore_missing_objectSid": false,
      "index": 0,
      "login_base_dn": "dc=BOC,dc=com",
      "login_filter": "(&(objectClass=user)(sAMAccountName=%username%))",
      "login_scope": "subtree",
      "name": "Domain1",
      "page_size": 1000,
      "paged_result_control_oid": "1.2.840.113556.1.4.319",
      "password": null,
      "principal": null,
      "principal_domain": "company.eu",
      "principal_format": "%principal%@%principaldomain%",
      "provider_url": "ldap://company.com:389",
      "referral": null,
      "security_protocol": null,
      "ssl_certificate": null,
      "sync_base_dn": "dc=company,dc=com",
      "sync_filter": "(objectClass=user)",
      "unique_identifier": ["distinguishedName"],
      "user-mapping": {
        "autoCreateUser": true,
        "auto_sync_user": {
          "auto_sync_attributes": true,
          "auto_sync_groups": true,
          "auto_sync_nameduse": true,
          "auto_sync_repos": true,
          "auto_sync_roles": true,
          "enabled": true
        },
        "default_groups": [],
        "default_roles": [],
        "groups": [
          {
            "additionalConfig": {},
            "mapexistingusers": false,
            "match": "BOC_Group",
            "name": "memberOf",
            "targetName": "BOC_Group",
            "targetType": "group",
            "type": "contains"
          }
        ],
        "mapped_user_handling": {
          "default_mapping": "Reader",
          "mappings": []
        },
        "nameduse": [
          {
            "match": "BOC_nameduse",
            "name": "memberOf",
            "targetName": "{ID}",
            "targetType": "nameduse",
            "type": "contains"
          }
        ],
        "properties": [
          {"attr": "NAME", "name": "sAMAccountName"},
          {"attr": "FORENAME", "name": "givenName"},
          {"attr": "SURNAME", "name": "sn"},
          {"attr": "EMAIL", "name": "mail"},
          {"attr": "DESCRIPTION", "name": "displayName"}
        ],
        "repositories": [
          {
            "additionalConfig": {"objectgroup": "{ID}"},
            "mapexistingusers": false,
            "targetName": "{ID}",
            "targetType": "repository",
            "type": "contains"
          }
        ],
        "roles": [],
        "user_deletion_handling": {
          "deleteNotFoundUsers": true,
          "moveUndeletableUsersToGroup": true,
          "userGroupForUndeletableUsers": "to_be_deleted"
        }
      }
    }
  ],
  "enabled": true,
  "environment": {},
  "properties": [
    {"name": "mail", "recursiveNodeLookup": false},
    {"name": "sAMAccountName", "recursiveNodeLookup": false},
    {"name": "displayName", "recursiveNodeLookup": false},
    {"name": "givenName", "recursiveNodeLookup": false},
    {"name": "distinguishedName", "recursiveNodeLookup": false},
    {"name": "cn", "recursiveNodeLookup": false},
    {"name": "memberOf", "recursiveNodeLookup": false},
    {"name": "sn", "recursiveNodeLookup": false},
    {"name": "department", "recursiveNodeLookup": false}
  ],
  "synchronization": {
    "schedules": [
      {
        "name": "LDAP_Sync",
        "scheduleCronData": {"h": 1, "m": 0, "w": [2, 3, 4, 5, 6]},
        "scheduleType": 4
      }
    ]
  },
  "url_pkg_prefixes": "com.sun.jndi.url"
}
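As an added example (not code from this article or from the BOC product), the Python below reads the domain settings from the example configuration, fills the %username% placeholder of login_filter with RFC 4515 escaping so a login name cannot alter the filter's structure, builds the bind principal from principal_format, and flags a provider_url that would send the simple bind in clear text. How security_protocol enables TLS in the product is an assumption, not something the article states.

```python
import json

# Constructed excerpt of the article's "ldap" configuration (original keys and
# values, restricted to the ones this example reads).
LDAP_CONFIG = json.loads("""{"default_domain": "Domain1", "domains": [{
  "name": "Domain1", "login_base_dn": "dc=BOC,dc=com",
  "login_filter": "(&(objectClass=user)(sAMAccountName=%username%))",
  "principal_domain": "company.eu", "principal_format": "%principal%@%principaldomain%",
  "provider_url": "ldap://company.com:389", "security_protocol": null}]}""")

# RFC 4515 escaping for a value substituted into a search filter: without it,
# a login name containing "*", "(" or ")" would change the filter's structure.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def get_domain(config, name=None):
    # default_domain names the domain entry used when none is given.
    wanted = name or config["default_domain"]
    return next(d for d in config["domains"] if d["name"] == wanted)


def build_login_filter(domain, username):
    # str.replace rather than re.sub: the escaped value contains backslashes,
    # which re.sub would interpret in the replacement string.
    return domain["login_filter"].replace("%username%", escape_filter_value(username))


def build_principal(domain, principal):
    # principal_format combines the lookup user with principal_domain.
    return (domain["principal_format"]
            .replace("%principal%", principal)
            .replace("%principaldomain%", domain["principal_domain"]))


def transport_findings(domain):
    # Assumption: TLS is enabled either by an ldaps:// provider_url or by setting
    # security_protocol; a plain ldap:// URL with security_protocol null means the
    # simple bind (principal and password) travels unencrypted.
    url = domain["provider_url"]
    if url.startswith("ldap://") and not domain.get("security_protocol"):
        return [f"{url}: plain ldap:// and no security_protocol; bind credentials unencrypted"]
    return []
```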