6-14 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform the object class in a mapping rule helps to uniquely map a specific attribute of an object.

6.4.7 Updating Mapping Rules

You can customize mapping rules by adding new ones, modifying existing ones, or deleting some from the mapping rule set specified in the orclodipAttributeMappingRules attribute. In general, to perform any of these operations, you identify the file containing the mapping rules, or store the value of the attribute for a file by using an ldapsearch command as described in Oracle Fusion Middleware Administrators Guide for Oracle Internet Directory.

6.4.7.1 Adding an Entry to the Mapping Rules File

To add a new entry to the mapping rules file, edit this file and add a record to it. To do this: 1. Identify the connected directory attribute name and the object class that needs to be mapped to Oracle Internet Directory. 2. Identify the corresponding attribute name in Oracle Internet Directory and the object class to which it needs to be mapped. 3. Generate the mapping rule elements indicating the conversion that needs to be done on the attribute values. 4. Load the attribute mapping rule file to the synchronization profile using the managesyncprofiles command. For example, if the e-mail attribute of an entry in the source directory needs to be mapped to the unique identifier of the destination, then it can be: Email: : : inetorgperson: uid: : person:

6.4.7.2 Modifying an Entry in the Mapping Rules File

After you identify an entry to be modified in the mapping rules file, generate the mapping rule element for the desired conversion of attribute values.

6.4.7.3 Deleting an Entry from the Mapping Rules File

After you identify an entry to be deleted in the mapping rules file, you can either delete the entry from the file or comment it out by putting a number sign in front of it.

6.5 Extending Mappings Using Custom Plug-ins

You can extend mapping functionality using custom plug-ins. The oracle.ldap.odip.util.mapapi.IMapOperation Java interface is defined to support plug-ins for new mapping operations. This topic explains Oracle Directory Integration Platform support for custom plug-ins to extend mapping functionality and contains the following sections: See Also: ■ Location and Naming of Files on page 6-20 for the names of the mapping rule files ■ Note 261342.1 Understanding DIP Mapping Files in My Oracle Support formerly MetaLink at: http:metalink.oracle.com Configuring Directory Synchronization 6-15 ■ Writing Custom Plug-Ins ■ Mapping Plug-In Evaluation Constraints ■ Adding Mapping Plug-Ins ■ Applications of Mapping Plug-Ins ■ Example Plug-In Usage

6.5.1 Writing Custom Plug-Ins

To extend mapping functionality using custom plug-ins you must implement the oracle.ldap.odip.util.mapapi.IMapOperation interface, which requires implementing the evaluate method as follows: Vector evaluateVector operands; The operands argument is a vector. Elements of the operands vector can be one of the following, based on the plug-in invocation given in the mapping rule: ■ Vector of values attributes passed as argument for the plug-in ■ String String literal is passed as argument for the plug-in ■ Character Character literal Return type is a Vector. All elements of this Vector must be Strings or byte arrays. If you want to return a single string, a new vector of size 1 must be created and the string has to be added to it. This restriction is enforced to allow multi-valued attributes. For example: cn,sn: : :person:description: :person:PLUGINMyPlugincn, sn, “Mr” The plug-in class MyPlugin should implement Vector evaluateVector operands method. As per the plug-in invocation in the above mapping rule, the following are the elements of operands: ■ element1 is a Vector containing all values of cn Even if cn has only a single value ■ element2 is a Vector containing all values of sn Even if sn has only a single value ■ element3 is a String literal Mr

6.5.2 Mapping Plug-In Evaluation Constraints

■ If an attribute has multiple values, the corresponding plug-in will be called only once with all the attribute values stored in a Vector. The plug-in will not be called once per each attribute value. ■ Empty String literals or Character literals ’ ’ will be ignored. ■ You must identify the type of each element in the vector operands of the evaluate method and process accordingly, as per the plug-in invocation. ■ A combination of plug-ins and the existing mapping rule operators or functions is not supported. For example, the following combination is not supported as mapping rule: PluginMyPlugincn, sn + givenanme toupperPluginMyPlugincn,sn PluginTempPlugin1cn + PluginTempPlugin2sn 6-16 Oracle Fusion Middleware Administrators Guide for Oracle Directory Integration Platform ■ Oracle recommends that Mapping plug-in invocation in different attribute rules follow the same invocation signature. The following example is not recommended and is highly error prone because Myplugin has different invocation signatures: sn: : :person:givenname: :person:PLUGINMypluginsn,Mr cn: : :person:description: :person:PLUGINMyplugincn

6.5.3 Adding Mapping Plug-Ins

To add a mapping plug-in to Oracle Directory Integration Platform: 1. If it is running, stop the WebLogic Managed Server hosting Oracle Directory Integration Platform. 2. Copy the mapping plug-in JAR file to the APP-INFlib directory in the path where the Oracle Directory Integration Platform application was exploded. For example: MW_HOME user_projectsdomainsDOMAIN_NAMEserversMANAGED_SERVER_NAMEtmp _WL_userDIP_VERSION_NUMBERRANDOM_CHARACTERSAPP-INFlib 3. Start the WebLogic Managed Server hosting Oracle Directory Integration Platform.

6.5.4 Applications of Mapping Plug-Ins

This section describes various applications of Mapping plug-ins, including: ■ Support for New Mapping Operations ■ Support for Multiple Literal Values

6.5.4.1 Support for New Mapping Operations

Applications can implement their own mapping operations that are not supported internally by the mapping framework. Support for Conditional Mapping Conditional Attribute Mapping Support You can support attribute mapping based on a condition. For example, the application can support a mapping rule where if the credential attribute is present, then orclpassword must be set to ENABLED, and if not present, the orclpassword must be set to DISABLED. This logic can be supported by implementing a plug-in to assign this value. The mapping rule should be as follows: credential: : :UserType:orclisenabled::orcluserv2:ConditionalAttrBasedOnPresencecredential Conditional DN Mapping Support You can support DN container mapping based on a condition. For example, users must be mapped to container ou=sales,dc=acme,dc=com if department is Sales and mapped to container ou=IT,dc=acme,dc=com if department is IT. To support this mapping: ■ The DomainRules section can have a construction rule like: NONLDAP:dc=acme,dc=com:cn=,ou=,dc=acme,dc=com ■ The AttributeRules section can have a rule with a plug-in operation to map ou as follows: