Mapping LDAP users from Microsoft Active Directory

Starting in Maximo® Application Suite 9.0, you can set up user mapping to map users from LDAP with Maximo Application Suite by using user registry synchronization in the user interface.

When synchronizing LDAP users from Microsoft Active Directory into the Maximo Application Suite database, some LDAP user properties might not match to the corresponding Maximo Application Suite user properties.

For example, an LDAP user who is called John Doe might have the givenName property set to John Doe and the displayName property set to John Doe Doe.

About this task

With user mapping, you can map the user properties between Maximo Application Suite and LDAP by specifying the LDAP field to map to the Maximo Application Suitefield. Alternatively, you can use a default value that is set by the system. For more information, see User mapping

Procedure

  1. On the Suite administration page, select Configurations from the side navigation menu and then click User registry synchonization.
  2. In the User mapping section, map the user data to synchronize with the LDAP server.

    For example, to map the LDAP user John Doe with the givenName set to John and the displayName set to John Doe, configure the following data:

    • For the givenName property in the column Maximo Application Suitefield, enter givenName as the property in the column LDAP field.
    • For the displayName property in the column Maximo Application Suitefield, enter displayName as the property in the column LDAP field.
  3. Optional: Select Use default mapping to use values that are set by the system for LDAP fields.
    If you don't specify custom field values, then default values are used.
  4. In the LDAP domain attributes section, enter Bind DN and Bind Password.
    Every time User Registry Synchronization configuration changes, you must update these security fields with the Bind DN and Bind password.
  5. Save your changes.

Results

After you save the user mapping updates, the configuration is processed and in the next scheduled synchronization cron job, the user synchronization changes are applied.

When Maximo Application Suite connects to LDAP systems, the SCIM specification is processed internally. This specification uses a set of standard properties from the LDAP registry to form the givenName and displayName for users who are created in Maximo Application Suite. By using user mapping, an administrator can synchronize the givenName and displayName to the same attributes within the LDAP directory, which prevents the need for complex naming formats.