You are looking at documentation for an older release. Not what you want? See the current release documentation.
Assume you have a populated directory and a number of users under a base DN - that can be anywhere in the tree. In reality, the user entries can be branched in several bases, like this:
Let's see how far the pre-configured identity object type "USER" can solve this case:
User attributes
There are 3 attributes that should always be mapped (because they are mandatory in eXo Platform):
Platform | OpenLDAP | MSAD |
---|---|---|
firstName | cn | givenName |
lastName | sn | sn |
See the full list of Platform user attributes. For example, if you want to map Platform attribute user.jobtitle to LDAP attribute title, the configuration looks like below:
<attributes>
<attribute>
<name>user.jobtitle</name>
<mapping>title</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>false</isUnique>
</attribute>
</attributes>
The user identifier in eXo Platform is username, and needs to be mapped definitively. Therefore, do not include it in the attributes mapping. Instead, configure the LDAP attribute that should match it (uid in the following example):
<options>
<option>
<name>idAttributeName</name>
<value>uid</value>
</option>
</options>
context DNs (user divisions)
You need to provide the location (DNs) where your LDAP users are located, in the ctxDNs (context DNs) option. Notice it accepts multiple values:
<option>
<name>ctxDNs</name>
<value>ou=People,o=acme,dc=example,dc=com</value>
<value>ou=People,o=emca,dc=example,dc=com</value>
</option>
Generally, the pre-configured type USER should work with easy modification, for many divisions of users. The only condition is all the divisions can share the same mapping.
To be clear, if o=acme
users want their telephoneNumber to be mapped to their Platform profile, while
o=emca
do not, the case seems not to be supported.
If it becomes a reality to you, the best way is to raise your question in eXo Community Forum.
When LDAP users and groups are mapped into eXo Platform, their data (for example, user profile, personal document, calendar) need to be created as if they were eXo Platform users and groups. See how to do that in Synchronization.