If you configure the DIP profile to load user records from Microsoft AD, the uid attribute is mapped to “userprincipalname” at the AD level.
Example: the userprincipalname field in AD is testuser@companydomain.com for a given user.
We can verify the profile from the command line or from the GUI.
Command line:
./ldapsearch -h oidHost.com -p 3060 -D "cn=orcladmin" -w welcome1 \
  -b "cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory" \
  -s sub "objectclass=*"
GUI level:
Connect to EM, go to the DIP profiles section, and verify the same mapping in the Domain Attributes section.
The entry for uid looks like this:
userprincipalname:: :user:uid: :inetorgperson:userPrincipalName
We need to change it as shown below. Once we change this, the @domain information will be truncated from the userprincipalname value.
userprincipalname:: :user:uid: :inetorgperson:userPrincipalName:trunc(userPrincipalName,'@')
Then we can test this by creating a new entry in Microsoft AD and verifying the uid attribute.
This is one way of making the change, i.e. when the mapping for uid is “userprincipalname”. Otherwise, we can map uid to “SamAccountName”. In that case we do not need to truncate anything; we can map "SamAccountName" directly to the “uid” attribute.
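An added example (not part of the original post): a Python check that applies the same trunc-at-'@' rule to userPrincipalName values exported from AD and lists any uid that two or more AD entries would end up sharing, which can happen when AD has more than one UPN suffix. The LDIF sample, the DNs, the partner.example suffix and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: LDIF exported from AD (dn + userPrincipalName only).
# Assumes plain "name: value" lines, no folded lines or base64 ("::") values.
SAMPLE_LDIF = """\
dn: CN=Test User,OU=Staff,DC=companydomain,DC=com
userPrincipalName: testuser@companydomain.com

dn: CN=Test User,OU=Contractors,DC=companydomain,DC=com
userPrincipalName: TestUser@partner.example

dn: CN=Jane Admin,OU=Staff,DC=companydomain,DC=com
userPrincipalName: jadmin@companydomain.com

dn: CN=Service Account,OU=Staff,DC=companydomain,DC=com
sAMAccountName: svc-backup
"""

def trunc(value, char):
    """Mirror the mapping rule's trunc(): drop everything from the first `char` on."""
    return value.split(char, 1)[0]

def parse_upns(ldif):
    """Return (dn, userPrincipalName) pairs; the UPN is None if the entry has none."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, val = line.partition(": ")
            attrs[name.lower()] = val.strip()
        entries.append((attrs.get("dn"), attrs.get("userprincipalname")))
    return entries

def uid_report(ldif):
    """Group entries by resulting uid (compared case-insensitively) and flag problems."""
    by_uid, missing = defaultdict(list), []
    for dn, upn in parse_upns(ldif):
        if not upn:
            missing.append(dn)  # no UPN to derive a uid from
        else:
            by_uid[trunc(upn, "@").lower()].append(dn)
    collisions = {uid: dns for uid, dns in by_uid.items() if len(dns) > 1}
    return collisions, missing

if __name__ == "__main__":
    collisions, missing = uid_report(SAMPLE_LDIF)
    print("shared uid values:", collisions)
    print("entries without userPrincipalName:", missing)
```

Running the same check against a real export before switching the mapping rule shows which accounts need a different uid source, such as the SamAccountName mapping mentioned above.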