Synchronizing Directories with Interfaces Not Supported by Oracle Internet Directory

Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform: Configuring Directory Synchronization

the 'Replicating Directory Changes' Permission for the Microsoft Metadirectory Services ADAM Service Account available at http://support.microsoft.com.

Some of the most important pieces of a directory synchronization profile include the connection details you assign to the properties listed in Table 6–1:

Table 6–1 Connection Detail Properties

Property: odip.profile.condirurl
Description: The URL of the connected directory:
■ To connect to an LDAP directory, use the form host:port
■ To connect in SSL mode, use the form host:port:1
■ To connect to a database, use the form host:port:sid

Property: odip.profile.condiraccount
Description: The DN or account name used to connect to the third-party directory

Notes:
■ The account information you specify must have sufficient privileges in the directory to which you are connecting.
■ The account name is not required if you are using the LDIF or tagged data formats.
■ You will be prompted for a password.

6.4 Configuring Mapping Rules

This section discusses how to configure mapping rules. It contains these topics:
■ Distinguished Name Mapping
■ Attribute-Level Mapping
■ Manually Creating New Mapping Files
■ Supported Attribute Mapping Rules and Examples
■ Example: Mapping File for a Tagged-File Interface
■ Example: Mapping Files for an LDIF Interface
■ Updating Mapping Rules

You use the mapping rules attribute to specify how to convert entries from the source to the destination. Oracle Internet Directory must be either the source or the destination. When converting the entries, there are three types of mapping rules: domain rules, attribute rules, and reconciliation rules. These mapping rules allow you to specify distinguished name mapping, attribute-level mapping, and reconciliation rules. Note that reconciliation rules are only used with Novell eDirectory and OpenLDAP. For more information on using reconciliation rules, see Chapter 22, Integrating with Novell eDirectory or OpenLDAP.

Mapping rules are organized in a fixed, tabular format, and you must follow that format carefully. Each set of mapping rules appears between a line containing only the word DomainRules or AttributeRules and a line containing only three number signs (###).

DomainRules
srcDomainName1: [dstDomainName1]: [DomainMappingRule1]
srcDomainName2: [dstDomainName2]: [DomainMappingRule2]
[DomainExclusionList]
srcDomainForExclusion1
srcDomainForExclusion2
AttributeRules
srcAttrName1:[ReqAttrSeq]:[SrcAttrType]:[SrcObjectClass]:[dstAttrName1]:[DstAttrType]:[DstObjectClass]:[AttrMappingRule1]
srcAttrName1,srcAttrName2:[ReqAttrSeq]:[SrcAttrType]:[SrcObjectClass]:[dstAttrName2]:[DstAttrType]:[DstObjectClass]:[AttrMappingRule2]
[AttributeExclusionList]
exclusionAttribute1
exclusionAttribute2

The expansion of srcAttrName1 and srcAttrName2 in the preceding example should be on a single, unwrapped long line.

6.4.1 Distinguished Name Mapping

This section specifies how entries are mapped between Oracle Internet Directory and a connected directory. If the mapping is between Oracle Internet Directory and another LDAP directory, then you can create multiple mapping rules. The domain rule specifications appear after a line containing only the keyword DomainRules. Each domain rule consists of components, separated by colons, which are described in Table 6–2.

Table 6–2 Domain Rule Components

Component Name: SrcDomainName
Description: Name of the domain or container of interest. Specify NONLDAP for sources other than LDAP and LDIF.

Component Name: DstDomainName
Description: Name of the domain of interest in the destination. Specify this component if the container for the entries in the destination directory is different from that in the source directory. If the value assigned to SrcDomainName is an LDAP or LDIF domain, then this field assumes the same value. However, if the value assigned to SrcDomainName is not an LDAP or LDIF domain, you must specify the container where entries should be created. If not specified, this field assumes the value of SrcDomainName under valid conditions. For destinations other than LDAP and LDIF, specify NONLDAP. Because import and export always refer to Oracle Internet Directory, a combination of NONLDAP:NONLDAP is not allowed.
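
A mapping file can be checked against the layout and the domain-rule constraints described above before it is loaded into a profile. The linter below is an added example, not Oracle's code: the function name, the sample file, the tolerance for an omitted trailing component, and the literal exclusion-list headers are assumptions.

```python
# Added example, not Oracle code. Assumptions: the optional last component may
# be left off with its colon; exclusion-list headers appear literally.
FIELDS = {"DomainRules": (2, 3), "AttributeRules": (7, 8)}  # (min, max) components
EXCLUSION_HEADERS = {"DomainExclusionList", "AttributeExclusionList"}


def lint_mapping_rules(text):
    """Return (line_number, message) findings for a mapping-rules file."""
    findings, section, in_exclusions = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in FIELDS:  # header opens a set and ends the previous one
            section, in_exclusions = line, False
        elif line == "###":  # three number signs close the current set
            section, in_exclusions = None, False
        elif section is None:
            findings.append((lineno, "rule outside DomainRules/AttributeRules"))
        elif line.strip("[]") in EXCLUSION_HEADERS:
            in_exclusions = True  # following lines are bare names, one per line
        elif not in_exclusions:
            low, high = FIELDS[section]
            # maxsplit keeps colons inside the trailing mapping rule intact
            parts = [p.strip() for p in line.split(":", high - 1)]
            if len(parts) < low:
                findings.append((lineno, f"{section}: {len(parts)} components, need at least {low}"))
            elif not parts[0]:
                findings.append((lineno, f"{section}: source name is empty"))
            elif section == "DomainRules" and parts[0] == "NONLDAP":
                if parts[1] == "NONLDAP":
                    findings.append((lineno, "NONLDAP:NONLDAP is not allowed"))
                elif not parts[1]:
                    findings.append((lineno, "non-LDAP source needs a destination container"))
    return findings


# Constructed sample file, not taken from a real deployment.
SAMPLE = """\
DomainRules
NONLDAP:NONLDAP:
NONLDAP::uid=%,dc=example,dc=com
###
AttributeRules
uid: : :inetorgperson:uid: :inetorgperson
mail: : :inetorgperson:mail
###
cn: : :person:cn: :person
"""
```

Calling lint_mapping_rules(SAMPLE) reports the two invalid NONLDAP domain rules, the attribute rule with missing components, and the rule that sits outside any section.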