Mapping Microsoft Active Directory Schema

            addAttributeValue('objectclass','group')

        if haveAttributeValue('objectclass','organizationalPerson'):
            removeAttributeValue('objectclass','organizationalPerson')
            addAttributeValue('objectclass','user')

        if haveAttributeValue('objectclass','inetOrgPerson'):
            removeAttributeValue('objectclass','inetOrgPerson')
            addAttributeValue('objectclass','user')

        #when adding an entry, certain values need to be added
        if operation == 'add':
            if haveAttributeValue('objectClass','group'):
                addAttributeValue('groupType','-2147483646')
            if not haveAttribute('samaccountname'):
                copy('cn','samaccountname')
            if haveAttributeValue('objectClass','user'):
                addAttributeValue('userAccountControl','66048')

            #collapse aux classes
            removeAttributeValue('objectClass','person')
            removeAttributeValue('objectClass','organizationalPerson')

        #set the rdn
        setRDN('samaccountname','cn')

    def outbound():
        #first rename the attributes
        rename({'member':'uniqueMember','samaccountname':'uid','unicodepwd':'userpassword','grouptype':'ntgrouptype'})

        #map necessary object class values
        if haveAttributeValue('objectclass','group'):
            removeAttributeValue('objectclass','group')
            addAttributeValue('objectclass','groupofuniquenames')

        if haveAttributeValue('objectclass','user'):
            removeAttributeValue('objectclass','user')
            addAttributeValue('objectclass','organizationalPerson')

Inbound Processing

The first line of the inbound function renames all inetOrg attributes to Active Directory attributes. The rename function is called for all operations. For example, if the operation is a search, then all requested attributes and all attributes in the filter are renamed. If the operation is an add or modify, then all attributes affected are renamed.

The second section of the inbound function replaces inetOrg object classes with InetAD object classes. Notice that you can use conditional statements to determine what actions should be performed.

The third section of the inbound function checks to see if the operation is an add, and if so, it adds the specific attribute information required by Active Directory.

In the fourth section of the inbound function all auxiliary object classes are removed, because Active Directory does not allow an auxiliary object class to be directly specified during an add.

In the last section of the inbound function the RDN is changed from uid to cn. Notice that the code converts samaccountname to cn because uid was already renamed to samaccountname. This does more than change the RDN from uid to cn: it also deals with locating the cn if it is not specified, for example in a modify or a search.

Outbound Processing

The outbound function executes after a response is returned from Active Directory. The outbound function reverses the inbound function by first renaming all applicable attributes, then mapping the object class names, and then changing the RDN of any results.
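The inbound add path described above, as an added illustration that is not Oracle's code: a plain-Python model of the mapping that also decodes the two numeric constants it writes. It assumes the inbound rename map is the inverse of the outbound one shown and that groupOfUniqueNames maps to group; it leaves out the RDN rewrite, and every name in it is hypothetical.

```python
# Added example: plain-Python model of the inbound "add" path. Not OVD code;
# entries are dicts of attribute name -> list of values, names are hypothetical.
OUTBOUND_RENAMES = {"member": "uniquemember", "samaccountname": "uid",
                    "unicodepwd": "userpassword", "grouptype": "ntgrouptype"}
# Assumption: inbound renames are the inverse of the outbound map on the page.
INBOUND_RENAMES = {v: k for k, v in OUTBOUND_RENAMES.items()}
# Assumption: groupOfUniqueNames -> group is inferred from the outbound mapping.
CLASS_MAP = {"groupofuniquenames": "group",
             "organizationalperson": "user", "inetorgperson": "user"}
AUX_CLASSES = {"person", "organizationalperson"}
UAC_FLAGS = {0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}
GROUP_FLAGS = {0x2: "GLOBAL_GROUP", 0x80000000: "SECURITY_ENABLED"}


def decode_flags(value, table):
    """Name the bits set in a signed 32-bit Active Directory flag value."""
    bits = int(value) & 0xFFFFFFFF  # view the signed value as unsigned 32-bit
    return [name for bit, name in sorted(table.items()) if bits & bit]


def inbound_add(entry):
    """Apply the modelled inbound mapping to an add; keys come back lower-cased."""
    e = {}
    for name, values in entry.items():
        key = name.lower()
        e[INBOUND_RENAMES.get(key, key)] = list(values)
    classes = []
    for oc in e.get("objectclass", []):
        mapped = CLASS_MAP.get(oc.lower(), oc.lower())
        if mapped not in classes:
            classes.append(mapped)
    if "group" in classes:
        e.setdefault("grouptype", []).append("-2147483646")
    if "samaccountname" not in e:
        e["samaccountname"] = list(e.get("cn", []))
    if "user" in classes:
        e.setdefault("useraccountcontrol", []).append("66048")
    e["objectclass"] = [c for c in classes if c not in AUX_CLASSES]
    return e


# Constructed sample entry, as an inetOrgPerson client would send it.
SAMPLE_USER = {"objectClass": ["top", "person", "organizationalPerson",
                               "inetOrgPerson"],
               "uid": ["jdoe"], "cn": ["John Doe"], "sn": ["Doe"],
               "userPassword": ["example-only"]}

if __name__ == "__main__":
    mapped = inbound_add(SAMPLE_USER)
    print(mapped)
    print(decode_flags(mapped["useraccountcontrol"][0], UAC_FLAGS))
```

Decoded, 66048 marks each account created through the mapping as a normal account whose password does not expire, and -2147483646 marks each group as a security-enabled global group, which is worth checking against the directory's password and group policy.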

5.4 Mapping Functions

Oracle Virtual Directory Mappings are based on the Python language and can use any functions or subroutines available in Python. In addition to the Python functions supported by Oracle Virtual Directory, Oracle provides the library functions described in the following sections:

■ Methods
■ Data Objects

5.4.1 Methods

The following is a list of the methods available for Oracle Virtual Directory Mappings in addition to those of the Python language:

Note: Methods specifying Map xxxxx indicate that you can specify a list of values in the form:

    {'uniqueMember':'member','uid':'samaccountname',[…] }

This is essentially an array of one or more mapped values. Use this construct with the methods that support it when a particular method is to be used multiple times for different named pair relationships, for example rename in the Mapping Microsoft Active Directory Schema example. This syntax is good shorthand and also yields improved performance.

appendAttribute(source,destination)
operations: add, modify, get, entry

The appendAttribute function adds the values of the source attribute to the destination attribute. The source attribute remains in place. This function affects a search filter.

Example: appendAttribute('sn','givenName')

add/entry:

    dn: cn=User
    objectClass: person
    cn: User
    givenName: User
    sn: name

becomes:

    dn: cn=User
    objectClass: person
    cn: User
    givenName: User
    givenName: name
    sn: name

modify:

    dn: cn=User
    changetype: modify
    add: sn
    sn: Last
    -
    add: givenName
    givenName: First

becomes:

    dn: cn=User
    changetype: modify
    add: sn
    sn: Last
    -
    add: givenName
    givenName: First
    givenName: Last

get:

    givenName=firstsn=last

becomes:

    |sn=lastgivenName=lastgivenName=first

copyAttribute(source,destination)
operations: add, modify, get, entry

The copyAttribute function copies attribute values from the source attribute to the destination attribute, overwriting the destination attribute if it already exists.

Example: copyAttribute('sn','givenName')

add/entry:

    dn: cn=User
    objectClass: person
    cn: User
    givenName: User
    sn: name

becomes:

    dn: cn=User
    objectClass: person
    cn: User
    givenName: User
    givenName: name
    sn: name

modify:

    dn: cn=User
    changetype: modify
    add: sn
    sn: Last
    -
    add: givenName
    givenName: First

becomes:

    dn: cn=User
    changetype: modify
    add: sn
    sn: Last
    -