AD Organizational identity feed

The AD Organizational identity feed creates users based on user records from Windows Server Active Directory (AD).

This feed uses a directory resource as the source for the feed. Information from the AD organizationalPerson objectclass is mapped to the inetOrgPerson schema. This identity feed loads all user objects under a specified base.

AD Organizational service type

When you create a service instance for this identity feed, the following information is required:
  • URL used to connect to the directory resource
  • User ID and password to gain access to the resource
  • Naming context, which is the search base in LDAP terminology, and defines where in the directory tree to begin the search
  • Name attribute, which must be selected from the values that are provided

After creation, this service is set to reconcile a specific branch of the directory.

Customized attribute mapping

The Attribute Mapping file name option provides a way to customize the mapping of LDAP attributes to IBM Verify Identity Governance attributes.

The format of the attribute mapping file is feedAttrName=itimAttrName. Lines that begin with a number sign (#) or semicolon (;) are interpreted as comments.

The attribute mapping file completely overrides the default mappings. All attributes that are needed from the feed source must be included in the mapping file.

These attributes must be included in the mapping file:
  • Attributes that are specified as required in the person profile form
  • Attributes that are specified as required in the LDAP schema for the target person profile

If an attribute from the feed source is not included in the attribute mapping file, the value is not set on the IBM Verify Identity Governance attribute.

The following example shows that six attributes are mapped. All other LDAP attributes are ignored.
#feedAttrName=itimAttrName
cn=cn
sn=sn
title=title
telephonenumber=mobile
mail=mail
description=description
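
A pre-deployment check for a mapping file in the format described above, as an added example that is not IBM code: it parses feedAttrName=itimAttrName lines and reports malformed lines and required attributes that no line maps. The function names, the REQUIRED set and the sample bytes are assumptions made for illustration, and the strict UTF-8 decode and duplicate check are extra checks of this example.

```python
# Added example: lint a feedAttrName=itimAttrName mapping file before use.
# REQUIRED is a constructed sample; take the real list from the person
# profile form and the LDAP schema of the target person profile.
REQUIRED = {"cn", "sn"}

def parse_mapping(raw: bytes):
    """Return (mapping, problems); mapping is keyed by lower-cased feed attribute."""
    try:
        # utf-8-sig also accepts a byte-order mark, which some editors prepend.
        text = raw.decode("utf-8-sig")
    except UnicodeDecodeError as exc:
        return {}, [f"not valid UTF-8: {exc.reason}"]
    mapping, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        feed, sep, target = (p.strip() for p in line.partition("="))
        if not (sep and feed and target):
            problems.append(f"line {lineno}: expected feedAttrName=itimAttrName")
            continue
        # Assumption of this example: a repeated feed attribute is a mistake.
        if feed.lower() in mapping:
            problems.append(f"line {lineno}: {feed} is mapped more than once")
        mapping[feed.lower()] = target
    return mapping, problems

def missing_required(mapping, required=REQUIRED):
    """Required target attributes that no line maps to (compared case-insensitively)."""
    targets = {t.lower() for t in mapping.values()}
    return sorted(a for a in required if a.lower() not in targets)

# Constructed sample: sn was left out and the last line has no "=".
SAMPLE = (b"#feedAttrName=itimAttrName\n"
          b"cn=cn\n"
          b"; surname mapping forgotten\n"
          b"title=title\n"
          b"telephonenumber=mobile\n"
          b"mail\n")

if __name__ == "__main__":
    mapping, problems = parse_mapping(SAMPLE)
    for p in problems:
        print("malformed:", p)
    for attr in missing_required(mapping):
        print("required attribute not mapped, so it will not be set:", attr)
```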

UTF-8 encoding in an identity feed file

Your identity feed file must be in UTF-8 format. You must use an editor that supports UTF-8 encoding.

  • Windows

    The following editors are UTF-8 capable: Microsoft Word 97 or later, or the Notepad editor that is included with the Windows 2003 Server or Windows XP operating systems.

    To save a file in UTF-8 format using Notepad, click File > Save As. Then, expand the list of choices for the Encoding field and select UTF-8.

  • Linux®

    The Vim text editor (a version of the classic vi editor) is UTF-8 capable. To work with files in UTF-8 format using the Vim text editor, specify the following:

    :set encoding=utf-8
    :set guifont=-misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1
    

    If your version of UNIX does not include this text editor, access this Web site:

    http://www.vim.org

Note: For the 7-bit ASCII code subset, the UTF-8 encoded Unicode format is identical to 7-bit ASCII format. For input files that contain only 7-bit ASCII (ASCII character values between hex 20 and hex 7e), you can use a normal text editor to create the file. For files containing any other character values (including extended European characters), you must save the file in UTF-8 format.

For an exact list of the 7-bit ASCII characters as supported by UTF-8, access this Web site and click the Basic Latin link in the first column:

http://www.unicode.org/charts