Configuring Directory Synchronization 6-5 Example 6–1 Example of Distinguished Name Mapping Distinguished Name Rules USERBASE INSOURCE:USERBASE ATDEST: USERBASE refers to the container from which the third-party directory users and groups must be mapped. Usually, this is the users container under the root of the third-party directory domain. Example 6–2 Example of One-to-One Distinguished Name Mapping For one-to-one mapping to occur, the DN in the third-party directory must match that in Oracle Internet Directory. In this example, the DN in the third-party directory matches the DN in Oracle Internet Directory. More specifically: ■ The third-party directory host is in the domain us.mycompany.com, and, accordingly, the root of the third-party directory domain is us.mycompany.com. A user container under the domain would have a DN value cn=users,dc=us,dc=mycompany,dc=com. ■ Oracle Internet Directory has a default realm value of dc=us,dc=mycompany,dc=com. This default realm automatically contains a users container with a DN value cn=users,dc=us,dc=mycompany,dc=com. Because the DN in the third-party directory matches the DN in Oracle Internet Directory, one-to-one distinguished name mapping between the directories can occur. If you plan to synchronize only the cn=users container under dc=us,dc=mycompany,dc=com, then the domain mapping rule is: Distinguished Name Rules cn=users,dc=us,dc=mycompany,dc=com:cn=users,dc=us,dc=mycompany,dc=com This rule synchronizes every entry under cn=users,dc=us,dc=mycompany,dc=com. However, the type of object synchronized under this container is determined by the attribute-level mapping rules that follow the DN Mapping rules. If you plan to synchronize the entry cn=groups,dc=us,dc=mycompany,dc=com under cn=users,dc=us,dc=mycompany,dc=com then the domain mapping rule is as follows: DomainMappingRule This rule is used to construct the destination DN from the source domain name, from the attribute given in AttributeRules, or both. This field is typically in the form of cn=,l=,o=oracle,dc=com. These specifications are used to put entries under different domains or containers in the directory. In the case of non-LDAP sources, this rule specifies how to form the target DN so it can add entries to the directory. This field is meaningful only when importing to Oracle Internet Directory, or when exporting to an LDIF file or another external LDAP-compliant directory. Specify this component if any part of an entrys DN in the destination directory is different from that in the source directory entry. This component is optional for LDAP-to-LDIF, LDAP-to-LDAP, or LDIF-to-LDAP synchronizations. If it is not specified, then the source domain and destination domain names are considered to be the same. Table 6–2 Cont. Domain Rule Components Component Name Description