Mapping LDAP Attributes to Stages
LDAP user attributes are mapped to Stages user attributes during synchronization. The corresponding mapping tags are thereby nested in the ldap-provider tag, so that a valid specification structure looks as follows:
<ldap-provider url=„SERVER_URL“ key=„AUTHENTICATION_KEY> … <ldap-attribute name="SOME_NAME" id="SOME_ID"/> … </ldap-provider>
As implied in the example given above, the ldap-attribute tag has two attributes, which both are required:
NOTE: Every ldap-provider tag must at least contain one ldap-attribute tag
The name Attribute
The name attribute specifies the Stages user attribute to which the LDAP attribute should be assigned to. Possible values of that attribute are:
- The attribute “username“ is mapped to the Stages login name. The mapping for that attribute is required, that means that every ldap-provider tag must contain an ldap-attribute tag which has its name attribute set to “username“.
- The fullname is displayed on the welcome section of the Stages portal header.
- This user attribute hold the email-address of a user.
- The user attribute “_KEY“ should contain a unique key for every user entry in Stages. If no mapping is specified for that user attribute then the user attribute “username“ is assumed to be unique for every user entry.
- The user attribute “authenticationUsername“ should contain the LDAP distinguished name of a user entry if a mapping is specified for it. The attribute can be used to authenticate a user against a LDAP server. To enable this, the key attribute of the ldap-provider tag has to be set to that value.
The id Attribute
The id attribute specifies the LDAP attribute that should be mapped to the corresponding Stages user attribute. As the names of the LDAP attributes depend on the design and structure of the LDAP directory to be queried, the possible values of the id attribute are not limited to a certain set.
The following example shows a mapping from LDAP user attributes to Stages user attributes.
<ldap-attribute name="username" id="sAMAccountName"/> <ldap-attribute name="fullname" id="displayName"/> <ldap-attribute name="email" id="mail"/>
The LDAP attribute sAMAccountNameis mapped to usernamefor example.