LDAP Attribute Mapping Configuration

How to configure the attribute mapping in the CDM Web Application
Categories:
Tags:

The LDAP Attribute Mapping page allows you to configure how user’s attributes from an external LDAP connection will be translated to the CDM-Server’s internal representation. In the first section you will be able to set a group dn, which will determine the users available in the system. Afterwards you can configure the individual mapping between attributes in the next section. Finally you will be able to save, review and finalize the configuration.

Key Features Overview

  • Two distinguished configuration sections for more oversight
  • Easy mapping possibility with validation

Procedure

Introduction

The first time you login (and after that as long as you have not finalized the mapping) to a freshly configured instance with an LDAP ID-Provider as the admin user, you will be automatically redirected to the LDAP Attribute Mapping Configuration page.

Group DN

The next action should be to configure the group dn. Therefore navigate to the text field and enter a previously copied (to prevent typing errors) group dn into this field. Next you should validate it by clicking on the validate button.

The following results are possible:

  • The group dn is valid: Everything is fine and you can procede to the next bottom section.
  • The group dn is not valid: Please check the group dn for errors and validate again.

Attribute Mapping

The goal of this section is to configure a mapping between CDM and LDAP attributes, so that the CDM-Server will have a proper translation between those.

It contains a table with two columns, the CDM attributes on the left side and the LDAP attributes on the right.

On the left upper side next to the table, you can choose the type of your LDAP installation (Unix or Microsoft) depending on the type of OS on the LDAP host machine, which is used to apply a preconfigured mapping. If you do not wish for this automatism, you can choose Manual instead.

For each attribute on the left you have the following options to procede on the right:

  • Enter the name of an LDAP attribute: After typing in the name of an LDAP attribute you wish to map, please validate it directly afterwards. If it is valid, you will find additional information by clicking on the information icon to the right of the text field. If it is not valid, please adjust the entered name and validate again.

  • Enter nothing: If you enter nothing, the attribute will not be mapped.

All attributes except those marked with a star (*) are optional, you can finish the mapping without those.

After you have finished the mapping, you have the possibility to save the mapping and finalize the configuration. To do so, you may click on Finalize, which will present you a side by side comparison of your chosen mapping. Please review it carefully, because it can not be changed after you finalize the configuration.

If you wish to modify the mapping again, before you have finalized the configuration, you are free to do so. Please note, as long as you do not finalize the configuration, no user except the admin will be able to login.

Last modified November 14, 2024: updated deps (18d4f5f)