This topic has 2 replies, 3 voices, and was last updated 5 years, 9 months ago by 
-
Posts
-
Hi,
I am trying to achieve the following, and I am a bit lost, I could really need advices fro this :
We have an AD, that is our source dataset (because of office365 and so on), on this AD we have all our users and they are spanned over different groups, usual setup.
From this AD we are already sync’ing users to a DJ server (that we use for actual authentication on multiple linux servers) via a IDM instance.
The sync from AD to DJ via IDM is working flawlessly, including password sync…
As we are using the DJ to authenticate users connection to linux server I’d like to give a $home value for each users according to its AD group membership, so every users connecting to a linux server would be located in a “department related” $home.
I have some ideas about how to achieve that but I really want to do it following best practices (if any), so feel free to give professional advices :)
You should be able to declare a property mapping entry which is based on AD’s account memberOf attribute (containing references to group membership) that translates into an attribute in DJ that is meaningful for Linux. You’ll need to write a bit of JavaScript or Groovy to represent that transformation logic; see this section in the docs for how to do so: https://forgerock.org/openidm/doc/bootstrap/integrators-guide/#mapping-transforming-attributes
Thanks @jake-feasel,
I’ll try that, for now I’ve been updating the DJ schema manually (as we only need to apply this to few users, mainly admin), but in near future we may have to do this massively, in which case your input will become very helpful !
Thanks aganin for the help Jake.
You must be logged in to reply to this topic.
