Excluding Domains Distinguished Name Mapping

Configuring Directory Synchronization

and sn is mandatory on OID. sn is not mandatory on Active Directory
SAMAccountName: : :user:sn: : person:
attributes to map to cn - normally this is the given name
cn: : :person:cn: :person:
AttributeExclusionList
facsimileTelephoneNumber
telephonenumber

6.4.3 Manually Creating New Mapping Files

Oracle recommends using Oracle Enterprise Manager Fusion Middleware Control to create synchronization mapping rules when you create and configure synchronization profiles. You create mapping rules on the Mapping tab described in "Creating Synchronization Profiles" on page 7-1. The following information is provided for reference if you must create mapping files manually, that is, not using Oracle Enterprise Manager Fusion Middleware Control.

To create new mapping files manually:

1. Identify the containers of interest for synchronization in the source directory.

2. Identify the destination containers to which the objects in the source containers should be mapped. Be sure that the specified container already exists in the directory.

3. Determine the rule to create a DN of the entry to be created in the destination directory. In LDAP-to-LDAP, mapping is normally one-to-one. In non-LDAP-to-LDAP, a domain DN construct rule is required. For example, in the case of synchronizing from a tagged file or Human Resources agent, the mapping rule may be in the form uid=,dc=mycompany,dc=com. In this case, the uid attribute must be present in all the changes to be applied from Oracle Human Resources. The uid attribute must be specified as a required attribute, as specified in step 6.

4. Identify the objects that you want to synchronize among directories, that is, the relevant object classes in the source and destination directories. In general, objects that get synchronized among directories include users, groups, organizational units, organizations, and other resources. Identify the actual object classes used in the directories to identify these objects.

5. Identify the properties of the various objects that you want to synchronize among directories, that is, the attributes in the LDAP context. All the attributes of an object need not be synchronized. The properties of users that you might want to synchronize are cn, sn, uid, and mail.

6. Define the mapping rules. Each mapping rule has this format:

srcAttrName:ReqdFlag:srcAttrType:SrcObjectClass: dstAttrName:dstAttrType:dstObjectClass: Mapping Rule

While defining the mapping rule, ensure the following:

■ Every required attribute has a sequence number. For example, if in step 3 the uid attribute is identified as required, then assign a value of 1 in place of ReqdFlag.

■ Every relevant object class has a schema definition on the destination directory.
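A hand-written mapping file can be checked before it is loaded. The following is an added example, not Oracle's code: it parses attribute rules in the eight-field format from step 6, collects the AttributeExclusionList entries, and reports required attributes that lack a sequence number. The function names, the treatment of `#` as a comment marker, and the `uid` and `mail` sample lines are assumptions made for illustration.

```python
from collections import namedtuple

# Field order follows the rule format given in step 6.
MappingRule = namedtuple("MappingRule",
    "src_attr reqd_flag src_type src_class dst_attr dst_type dst_class rule")

def parse_mapping(text):
    """Return (rules, excluded_attrs, errors) for attribute-rule lines."""
    rules, excluded, errors = [], [], []
    in_exclusions = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        if line == "AttributeExclusionList":
            in_exclusions = True
            continue
        if in_exclusions:
            excluded.append(line)
            continue
        # Split at most 7 times so colons inside the final field survive.
        parts = [p.strip() for p in line.split(":", 7)]
        if len(parts) != 8:
            errors.append(f"line {lineno}: expected 8 fields, got {len(parts)}")
            continue
        rules.append(MappingRule(*parts))
    return rules, excluded, errors

def check_required(rules, required):
    """Each required attribute needs a rule whose ReqdFlag is a sequence number."""
    problems = []
    for attr in required:
        matches = [r for r in rules if r.src_attr.lower() == attr.lower()]
        if not matches:
            problems.append(f"{attr}: no mapping rule")
        elif not any(r.reqd_flag.isdigit() for r in matches):
            problems.append(f"{attr}: ReqdFlag is not a sequence number")
    return problems

# Constructed sample: the uid and mail lines are invented for illustration;
# the other rules and the exclusion list are the fragment shown on this page.
SAMPLE = """\
SAMAccountName: : :user:sn: : person:
cn: : :person:cn: :person:
uid: : :person:uid: :inetOrgPerson:
mail:person:mail
AttributeExclusionList
facsimileTelephoneNumber
telephonenumber
"""
```

Calling `check_required(rules, ["uid"])` on the sample flags the uid rule because its ReqdFlag is blank; setting that field to 1, as step 6 describes, clears the finding.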