

LDAP Synchronization

Mapping LDAP Attributes to Stages

LDAP user attributes are mapped to Stages user attributes during synchronization. The mapping tags are nested in the ldap-provider tag, so a valid specification has the following structure:

<ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY">
…
 <ldap-attribute name="SOME_NAME" id="SOME_ID"/>
 …
</ldap-provider>

As the example above shows, the ldap-attribute tag has two attributes, both of which are required:

  • name
  • id

NOTE: Every ldap-provider tag must contain at least one ldap-attribute tag.

The name Attribute

The name attribute specifies the Stages user attribute to which the LDAP attribute should be assigned. Possible values of that attribute are:

  • username
    • The attribute "username" is mapped to the Stages login name. The mapping for this attribute is required: every ldap-provider tag must contain an ldap-attribute tag whose name attribute is set to "username".
  • fullname
    • The fullname is displayed in the welcome section of the Stages portal header.
  • email
    • This user attribute holds the email address of a user.
  • phone
  • department
  • serialnumber
  • fax
  • location
  • _KEY
    • The user attribute "_KEY" should contain a unique key for every user entry in Stages. If no mapping is specified for this user attribute, the user attribute "username" is assumed to be unique for every user entry.
  • authenticationUsername
    • The user attribute "authenticationUsername" should contain the LDAP distinguished name of a user entry if a mapping is specified for it. The attribute can be used to authenticate a user against an LDAP server. To enable this, the key attribute of the ldap-provider tag has to be set to that value.

The id Attribute

The id attribute specifies the LDAP attribute that should be mapped to the corresponding Stages user attribute. As the names of the LDAP attributes depend on the design and structure of the LDAP directory to be queried, the possible values of the id attribute are not limited to a certain set.

Mapping Example

The following example shows a mapping from LDAP user attributes to Stages user attributes.

<ldap-attribute name="username" id="sAMAccountName"/>
<ldap-attribute name="fullname" id="displayName"/>
<ldap-attribute name="email" id="mail"/>

The LDAP attribute sAMAccountName is mapped to username, for example.
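
The rules on this page can be checked before a configuration is deployed. The following linter is an added example, not code from Stages or its documentation: it verifies that an ldap-provider element contains at least one ldap-attribute tag, that every mapping has both name and id, that name is one of the values listed above, and that username is mapped. The function name lint_ldap_provider, the case-sensitive comparison of names and the warning for a missing _KEY mapping are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Stages user attributes listed on this page as valid values for "name".
# Assumption of this example: names are compared case-sensitively.
ALLOWED_NAMES = {
    "username", "fullname", "email", "phone", "department",
    "serialnumber", "fax", "location", "_KEY", "authenticationUsername",
}

def lint_ldap_provider(xml_text):
    """Return (errors, warnings) for one <ldap-provider> element."""
    errors, warnings = [], []
    provider = ET.fromstring(xml_text)
    if provider.tag != "ldap-provider":
        return [f"root element is <{provider.tag}>, expected <ldap-provider>"], warnings

    mappings = provider.findall("ldap-attribute")
    if not mappings:
        errors.append("no <ldap-attribute> tag; at least one is required")

    seen = set()
    for i, m in enumerate(mappings, 1):
        name, ldap_id = m.get("name"), m.get("id")
        if not name or not ldap_id:
            errors.append(f"mapping #{i}: both name and id are required")
            continue
        if name not in ALLOWED_NAMES:
            errors.append(f"mapping #{i}: unknown Stages attribute {name!r}")
        seen.add(name)

    if mappings and "username" not in seen:
        errors.append("required mapping for 'username' is missing")
    if "_KEY" not in seen:
        # Without _KEY, username is assumed to be unique for every user entry.
        warnings.append("no '_KEY' mapping: 'username' must be unique per user")
    return errors, warnings

# Constructed sample, built from the mapping example on this page.
SAMPLE = """
<ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY">
  <ldap-attribute name="username" id="sAMAccountName"/>
  <ldap-attribute name="fullname" id="displayName"/>
  <ldap-attribute name="email" id="mail"/>
</ldap-provider>
"""

if __name__ == "__main__":
    errs, warns = lint_ldap_provider(SAMPLE)
    print("errors:", errs)
    print("warnings:", warns)
```

For the sample above the linter reports no errors and one warning, because no _KEY mapping is present and the uniqueness of sAMAccountName in the directory then carries the identity of each Stages user.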