Wednesday, September 1, 2010

LDAP Sync Config - Part 2

As part of our implementation of OID, we use several object classes of our own creation as well as the eduPerson object class. Additionally, we don't use cn as the RDN for user accounts; we use a custom unique ID. We were able to change the LDAP Sync configuration in OIM to support all of this quite easily.

1) Add the custom attributes to the User Attributes in OIM.
2) Export the /metadata/iam-features-ldap-sync/LDAPUser.xml metadata from the repository.
3) To have additional object classes added on create, add one <value> entry per object class under the <parameter name="objectclass"> node.

Ex:
<parameter name="objectclass">
<value>orclIDXPerson</value>
<value>eduPerson</value>
</parameter>

4) Add your custom attributes to the three sections noted in section 13.4 of the OIM System Administrator's Guide.

5) To change your RDN from cn to another attribute, update the <value> under the <parameter name="rdnattribute"> node to the new directory attribute name.

Ex:
<parameter name="rdnattribute">
<value>companyid</value>
</parameter>

6) Reimport the metadata and test!
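Steps 3 and 5 applied programmatically, as an added Python example that is not from the original post. It works on a constructed, minimal stand-in for the exported LDAPUser.xml containing only the two parameter nodes discussed above; the root element name and the surrounding file layout are assumptions, and the real export has more content.

```python
import xml.etree.ElementTree as ET

# Constructed minimal stand-in for the exported LDAPUser.xml: only the two
# <parameter> nodes this post edits are included; the <ldapSync> root is assumed.
SAMPLE_LDAPUSER_XML = """<ldapSync>
  <parameter name="objectclass">
    <value>orclIDXPerson</value>
  </parameter>
  <parameter name="rdnattribute">
    <value>cn</value>
  </parameter>
</ldapSync>"""


def _parameter(root, name):
    """Locate the <parameter name="..."> node, or fail loudly if the export lacks it."""
    node = root.find(f"./parameter[@name='{name}']")
    if node is None:
        raise ValueError(f'no <parameter name="{name}"> node found')
    return node


def add_object_classes(root, classes):
    """Step 3: append one <value> per extra object class, skipping ones already present."""
    param = _parameter(root, "objectclass")
    existing = {v.text.strip() for v in param.findall("value") if v.text}
    for oc in classes:
        if oc not in existing:
            ET.SubElement(param, "value").text = oc
            existing.add(oc)
    return sorted(existing)


def set_rdn_attribute(root, attr):
    """Step 5: replace the single rdnattribute value (exactly one is expected)."""
    param = _parameter(root, "rdnattribute")
    values = param.findall("value")
    if len(values) != 1:
        raise ValueError("rdnattribute must carry exactly one <value>")
    values[0].text = attr
    return values[0].text


def customize(xml_text, classes, rdn_attr):
    """Apply steps 3 and 5 to an exported LDAPUser.xml and return the edited XML."""
    root = ET.fromstring(xml_text)
    add_object_classes(root, classes)
    set_rdn_attribute(root, rdn_attr)
    return ET.tostring(root, encoding="unicode")
```

Running it a second time over its own output is safe: duplicate object classes are skipped and the RDN value is simply rewritten, so the edit can be re-applied after a fresh export.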

