Map user attributes to LDAP attributes
The identity policy takes care of the user ID for LDAP accounts, but that still leaves you with the responsibility of entering all the other attributes for each account. For the sample LDAP directory, the fullname and lastname attributes are required before an account can be created. In this section, you'll set up the LDAP service to use the full name and last name already defined for the ITIM user when creating an LDAP account.
- To illustrate what you'll be changing, first start creating an account for Mindy. Select Manage Users and then click Search to retrieve the list of users.
- Select the icon next to Mindy's name and select Request Accounts.
- Click Search to retrieve the list of services, make sure your LDAP service is selected, and then click Continue. The Request an Account page will open, as shown in Figure 22, with the User ID field filled in based on the identity policy. However, the Full name and Last name fields are required fields and they are empty. When you created the user for Mindy, this information was added, so it should be used here as well. Scroll to the bottom and click Cancel.
Figure 22. Create user
- Attribute mapping is configured as part of the service, so select Manage Services and then click Search to retrieve the list.
- Click the icon next to your service and select Account Defaults..., as shown in Figure 23.
Figure 23. Modify default attributes for new accounts
- The initial list is empty. Click Add to see the list of LDAP attributes to choose from.
- The list spans multiple pages, so click through the pages until you find the Full name attribute, shown in Figure 24. Select its radio button and then click Add default.
Figure 24. Select an LDAP attribute to set by default
- The default value page allows you to add text before or after an ITIM user attribute. You don't want to do either, so leave both blank and click Search to find the user attribute to assign to Full name.
- The Select a User Attribute page lists all the attributes that an ITIM user can have. In this case, the attribute name to use is the same in ITIM as it is in the LDAP directory. Find Full name, select it, and then click OK. This is illustrated in Figure 25.
Figure 25. Select an ITIM user attribute
- Click OK to complete the mapping. As Figure 26 illustrates, the list of default attributes now shows that Full name maps to Full name.
Figure 26. Full name attribute mapped
- Click Add again, and this time map Last name to Last name. Once you're back to the list pictured in Figure 27, now showing Full name and Last name with default attributes, click OK.
Figure 27. Completed attribute mappings
- Click Close on the page with the success message, and then click Close on the Manage Services page.
- You should now be back to the Request an Account page you used earlier to start creating an account for Mindy, and your LDAP service should be selected. Click Continue.
- This time, you'll see that Full name and Last name are filled in, as illustrated in Figure 28.
Figure 28. Create an account
Don't create the account yet, though; instead, click Cancel. This is how you'd create an account for Mindy as an administrator, but in the next section you'll log in as Mindy and request the account for yourself.