Attribute mappings
Attribute mappings are the easiest approach to configure transformations without the need for writing scripts. A specific set of mappings can be defined for each type of object you are synchronizing (e.g. users, groups, devices).
Attribute mapping can be accomplished with any combination of the following: mapping a destination attribute from a source attribute, setting a constant value, using a function to compute a value, or setting a default value.
- Select the Mappings and/or Script and Mappings option from the Transformation Type drop-down list.
- Expand the Mappings section and select ADD.
- Enter a name to describe the mapping. Typically, this is the name of the object type the mapping is to be associated with. A good practice is to have the name indicate the source object and destination object (e.g. ADUsersToAzureADUsers) to make it easily identifiable in the list of mappings. Once you create a pipeline mapping and save it, you are not able to change the name.
- Select the object class associated with the source entries from the Source Object drop-down list. If you do not see the object class in the list, make sure you have extended the RadiantOne LDAP schema before reaching this step. If you want to listen for changes on all types of objects, you can use the -- All Objects -- option.
- Select the object class associated with the destination entries from the Destination Object drop-down list. If you do not see the object class in the list, make sure you have extended the RadiantOne LDAP schema before reaching this step. If you want to apply changes on all types of objects, you can use the -- All Objects -- option.
- Select EDIT for Source Event Filter to condition the events you want to process for synchronization. The event can be comprised of one or more expressions based on
AND
,OR
,NOT
conditions. Any source event that does not match the filter is not processed by the attribute mappings. If no Source Event Filter is configured, every source event is processed by the attribute mappings. - Select EDIT for Destination DN to create an expression for computing the DN for the entry in the target. Use $ to insert an attribute in the expression. The DN suffix to reach the destination should match the location in the RadiantOne namespace where you mounted the virtual view of the target data source.
- In the Attribute Mappings section, you can:
A. Use the "AUTO MAP" option to automatically map source attributes to target attributes with the same nam1. B. Perform the attribute mapping directly in the table that lists all of the target attributes by clicking in the Source Type column and selecting one of the following options: Source Attribute, Constant or Function. If Source Attribute is selected, click in the Source Value column to display a list of source attributes to choose from. If Constant is selected, enter the value to set the destination attribute to. If Function is selected, click +Add in the Source Values column and select the Function to us1. C. Define attribute mappings with conditional filters by selecting Add below Attribute Mappings (outside of the table) and following the steps below. - Select a Destination Attribute from the drop-down list.
- Select the Source Value Type from the drop-down list.
- If Constant is selected for the Source Value Type, enter the value to set the destination attribute to in the Source Value(s) property. If Source Attribute is selected, select the attribute to use from the Source Value(s) drop-down list. If Function is selected, select ADD next to the Source Value(s) property and choose the function to use to compute the value of the attribute. See Functions Available for more details.
- (Optional) If a default value should be set in cases where the source attribute does not have a value for the attribute, enter the value in the Default Value property.
- If this attribute mapping should be applied when creating new entries in the destination, check the option "On Create Entry". Otherwise, uncheck this option and the mapping does not get applied when creating entries.
- If this attribute mapping should be applied when updating entries in the destination, check the option "On Update Entry". Otherwise, uncheck this option and the mapping does not get applied when updating entries.
- (Optional) Conditional Filter on the attribute mapping levels, describes the conditions that dictate if the attribute mapping gets applied. This attribute mapping only gets applied if the source attribute(s) value(s) matches the conditional filter.
- Select Save.
- Repeat steps 8-16 for each target attribute you want to define.
- Repeat steps 1-17 to create all mappings for the synchronization pipeline (e.g. mappings for all object types).
Destination DN
The Destination DN expression is used generate the DN for the entry in the destination and is based on one or more attributes from the source event. As an example, if the destination in a sync pipeline was the object=SUPPLIERS,o=hrdatabase
view shown in the screen below, the Destination DN syntax could look like: SUPPLIERS=${employeeNumber},object=SUPPLIERS,o=hrdatabase
where ${employeeNumber}
indicates the employeeNumber attribute value from the source event is used to comprise the RDN (e.g. SUPPLIERS=1234,object=SUPPLIERS,o=hrdatabase
). When processing insert and update events with attribute mappings, a lookup is performed in the destination based on the Destination DN expression, to see if the entry exists. If the entry does not exist, it is inserted. If it does exist, the entry is updated.
The corresponding Destination DN Expression to match the example described above is shown below.
As an alternative to using a specific source attribute in the DN expression, you can use the source entry's RDN value to compute the target DN with the following syntax:
${rdn[1]},{SUFFIX_IN_THE_RADIANTONE_NAMESPACE_CORRESPONDING_TO_THE_DESTINATION}
As an example, assume a source entry has a DN of CN=Anna Gold,o=activedirectory
and the target DN expression is ${rdn[1]},o=companydirectory
. The transformation would try to find an entry identified as CN=Anna Gold,o=companydirectory
in the destination. If the entry did not exist, it would be inserted. If the entry exists, it would be updated.
DN expressions support a mix of constant (string) characters and attribute substitution, function substitution, and RDN substitution. The table below summarizes some examples of DN expressions.
Type of substitution | Examples |
---|---|
Attribute Substitution | Source Event: |
Function Substitution | Source Event: |
RDN Substitution | Source Event: |
Source event filter
The source event filter is applied on each change event to determine if the attribute mappings are processed. If an entry passes the filter, the attribute mappings are evaluated.
A source event filter can be comprised of one or more conditions each of which is comprised of one or more expressions.
The filter window is blank by default and assumes a single expression will be used. An expression is based on a source attribute that can be conditioned (e.g. equals
, not equals
) on a value. Select a source attribute from the drop-down list, choose the condition and then enter a value. Based on the example below, only entries that have department=Sales are sent to the attribute mapping phase.
To configure a condition with multiple expressions or multiple conditions, start the filter by choosing and or or from the drop-down list.
After the first expression is configured, select Add Expression and a new line is added to the configuration. In the example below, only entries that have department=Sales AND title that starts with "Solution" are sent to the attribute mapping phase.
To remove an expression, select
To remove the entire filter, select
To accept the filter, select
You can also use the Add Condition button to add a nested condition.
Conditional filter
The conditional filter is applied on each source attribute of the change event to determine if the target attribute mapping gets applied. A conditional filter can be comprised of one or more conditions each of which is comprised of one or more expressions.
The filter window is blank by default. Select Add Expression or Add Condition to get started.
An expression is based on a source attribute that can be conditioned (e.g. equals
, not equals
) on a value. Select a source attribute from the drop-down list, choose the condition and then enter a value. Based on the example below, only entries that have employeeType
that starts with Temp
get this target attribute mapping applied.
The values are not case-sensitive.
The conditional filter can be based on one or more source attributes. To create a filter with one condition containing two expressions, select Add Condition and then select Add Expression. Define each expression. In the example below, the destination attribute named employeeType
is populated with the value in the employeeType
source attribute only if the source employeeType
attribute starts with Temp
and the source l
attribute equals
Seattle
. If the source entry does not pass this filter, the employeeType
target attribute is not populated with this attribute mapping.
A single destination attribute can have more than one mapping configuration, each with a conditional filter. In the example below, the destination attribute named employeeType
is populated with the value in the description source attribute only if the source departmentNumber
equals 50
.
Based on the two attribute mappings for the employeeType destination attribute described above, the value can come from either the source employeeType
or description attributes. The conditional filters determine which mappings are applied, if any.
When a target attribute has two different mappings, only one mapping is applied, the first one where the conditional filter evaluates true
.
Auto Map
The Auto Map option is a quick way to auto-generate attribute mappings between the source and destination objects when they share common attribute names. The AUTO MAP option configures attribute mappings for each attribute defined in the source object and maps them to target attributes of the same name. After selecting AUTO MAP, delete mappings for attributes that you do not want to synchronize by selecting the X next to the Source Value.
Edit attribute mapping
To edit an attribute mapping:
- Select the topology on the Global Sync tab.
- Select Configure on the pipeline.
- Select the Transformation component.
- Expand below the Mappings section at the bottom.
- Select the pipeline mapping that contains the attribute mapping you want to edit and select Edit.
- Select the attribute mapping in the list and select Edit.
- When edits are finished, select Save.
Test attribute mapping
Test the attribute mappings by entering values for the source attributes.
- Select the topology on the Global Sync tab.
- Select Configure on the pipeline.
- Select the Transformation component.
- Expand below the Mappings section at the bottom.
- Select TEST.
- Select the source event type (e.g. Insert, Update, Delete) to test.
- Enter an Event ID. This is a DN that matches the location in the RadiantOne namespace for the source entries. (e.g.
uid=Aaron_Medler,ou=Accounting,o=companydirectory
assumingo=companydirectory
is the source naming context in RadiantOne). - Add source attribute names and values. Attribute names are in the left column and corresponding value in the right column. Click in the cell, type the value and select Enter. Attribute types can be simple or complex. The definitions for "simple" and "complex" are based on SCIM (http://www.simplecloud.info/specs/draft-scim-core-schema-01.html). Use the red X button next to the attribute to remove it from the test.
- Select TEST.
- The results of the Attribute Mappings are shown in the Output section.
- When you are finished testing the mappings, select CLOSE to go back to the "Configure Pipeline" screen.
Standard functions available
The default functions available for use are described in the table below.
Function | Usage & Configuration |
---|---|
| Creates a string containing variables that will be replaced with their value at runtime. This is the function to use if you want to concatenate input values. |
| Concatenates the specified values into one value. |
| Decodes each value of the attribute in base64. |
| Decodes each value of the attribute in base64 without the |
| Encodes each value of the attribute in base64. |
| Escapes the characters in each value according to the rules specified in RFC 2253. |
| Filters a list of value(s) keeping only the value(s) that match the given regular expression. |
| Filters a list of value(s) keeping only the value(s) that do NOT match the given regular expression. |
| Removes any empty/blank/null value(s) from the list of value(s). |
| For each value, extracts the parent DN. This function assumes that each value is a DN. |
| For each value, extracts the RDN at the given index (index 0 is the deepest RDN). This function assumes that each value is a DN. |
| For each value, extracts the RDN value at the given index (index 0 is the deepest RDN). This function assumes that each value is a DN. |
| Extracts a substring from each value considering the length of the substring from the beginning of the string. |
| lookupAttribute(String dataSourceID, String baseDn, String filter, int scope, String attrName, int sizeLimit) |
| Converts each value to lowercase. |
| There are 3 different ways to use the remap function: |
| Replaces all matches of the search string with a replacement string for each value. Ignore regex. |
| Replaces all matches of the search string with a replacement string for each value. Regex sensible. |
| For each DN value, replaces the given suffix with the given replacement value. This function expects that each value is a DN. |
| Replaces the first match of the search string with a replacement string for each value. Ignore Regex. |
| Replaces the first match of the search string with a replacement string for each value. Regex sensible. |
| Replaces the value(s) if a matching key-value pair is found in the given dictionary file. Some sample dictionary files are located here: {RLI_HOME}/ontology/normalization |
| Extracts a substring from each value. |
| Extracts a substring from each value. It retrieves the part after the first occurrence of the separator. |
| Extracts a substring from each value. It retrieves the part after the last occurrence of the separator. |
| Extracts a substring from each value. It retrieves the part before the first occurrence of the separator. |
| Extracts a substring from each value. It retrieves the part before the last occurrence of the separator. |
| Extracts a substring from each value considering the start position and the length of the substring. |
| Extracts a substring from each value considering the start and end positions. |
| Extracts a substring from each value considering the length of the substring from the end of the string. |
| Removes any leading and trailing whitespace from each value. |
| Converts each value to uppercase. |
Available Functions
User defined functions
User-defined functions can be created and configured from the Add Mapping Function window.
- Select next to User-Defined Function.
- Enter a function name.
- (Optional) Enter a Description.
- Select to add parameters as needed.
- Select Add.
- To use the function, select it in the User-Defined Function section and select Next.
- Define values for the parameters of the function and select OK.
- Click OK to exit the function configuration.
- Click OK when you are done with the mappings.
- Click Save to save the rules and go back to the Rule Set table.
- Click to edit the transformation code.
- From the classes drop-down list, select: com.rli.scripts.fidsync.pipelineName.UserDefinedFunctions
- Locate your user-defined function in the code and customize it accordingly.
- Click Save to recompile the jar file.