LDAP directory servers allow you to define attribute values for user and group entries in the directory server. Content Server supports mapping those directory server values to user and group properties in the repository. Using mapping automates setting user and group properties.
Mappings between LDAP attributes and repository properties are defined when you create the LDAP configuration object. You can map the LDAP values to the following properties:
System or user-defined properties
Multiple directory values to a single repository property, using an expression.
For example, the following expression uses the LDAP attributes sn and givenname to generate a user_address value:
${sn}_${givenname#1}@company.com
If the user’s sn (surname) is Smith and the given name is Patty, the expression above resolves to smith_p@company.com. The #1 at the end of givenname directs the system to use only the first letter of the given name.
You can specify an integer at the end of an LDAP attribute name in an expression to include only a substring of that length in the resolved value. The integer must be preceded by a pound (#) sign. The substring is taken from the start of the value, reading left to right. For example, if the expression includes ${sn#5} and the surname is Anderson, the extracted substring is Ander.
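The following added example (not Content Server code) previews a mapping expression against sample entries before it is configured, and flags entries that resolve to the same value once truncation is applied. The token grammar is inferred from the two forms shown above; the function names, the `lowercase` option used to reproduce the lowercased result shown above, and the sample entries are assumptions.

```python
import re
from collections import defaultdict

# ${attr} or ${attr#N}: attribute name, optional left-substring length.
TOKEN = re.compile(r"\$\{([A-Za-z][A-Za-z0-9-]*)(?:#(\d+))?\}")


def resolve(expression, entry, lowercase=False):
    """Resolve a mapping expression against one LDAP entry (a dict).

    Raises KeyError when a referenced attribute is absent or empty, so a
    bad mapping is caught instead of producing a partial value.
    """
    # LDAP attribute names are case-insensitive, so normalise the keys.
    attrs = {key.lower(): value for key, value in entry.items()}

    def substitute(match):
        name, length = match.group(1).lower(), match.group(2)
        value = attrs.get(name)
        if not value:
            raise KeyError(name)
        # '#N' keeps the first N characters, counted from the left.
        return value[: int(length)] if length else value

    resolved = TOKEN.sub(substitute, expression)
    # Assumption: optional lowercasing, to match the page's resolved example.
    return resolved.lower() if lowercase else resolved


def find_collisions(expression, entries):
    """Return {resolved_value: [dn, ...]} for values shared by several entries."""
    seen = defaultdict(list)
    for entry in entries:
        # Compare case-insensitively: 'Smith_P' and 'smith_p' are one address.
        seen[resolve(expression, entry, lowercase=True)].append(entry["dn"])
    return {value: dns for value, dns in seen.items() if len(dns) > 1}


# Constructed sample entries, not taken from any real directory.
SAMPLE = [
    {"dn": "uid=patty,ou=people,dc=company,dc=com", "sn": "Smith", "givenName": "Patty"},
    {"dn": "uid=paul,ou=people,dc=company,dc=com", "sn": "Smith", "givenName": "Paul"},
    {"dn": "uid=kim,ou=people,dc=company,dc=com", "sn": "Anderson", "givenName": "Kim"},
]

if __name__ == "__main__":
    expr = "${sn}_${givenname#1}@company.com"
    for sample_entry in SAMPLE:
        print(sample_entry["dn"], "->", resolve(expr, sample_entry, lowercase=True))
    print("collisions:", find_collisions(expr, SAMPLE))
```

With the constructed entries, Patty Smith and Paul Smith resolve to the same address, which is the kind of clash to look for before a truncating expression is mapped to an identifying property.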
Values of repository properties that are set through mappings to LDAP attributes can be changed only through the LDAP entry or by a user with superuser privileges.
Changing mappings for the user_name, user_login_name, or group_name after the user or group is synchronized for the first time is not recommended. Doing so may cause inconsistencies in the repository.
Table 2.23 contains examples of how the Attribute Map page for LDAP configurations is typically completed for Netscape iPlanet, Oracle Internet Directory Server, and Microsoft Active Directory LDAP servers.