User Guide

Usage

Check the identity manager user guide to learn how to use the identity manager.

Mandatory entity attributes

See the rules page for the complete entity syntax.

Optional user attributes

As you might have read here (Additional attributes subsection), some user attributes can be persisted on the LDAP server. The persistence relies on two different mechanisms. The user can define a one-to-one mapping between LDAP attributes and business parameters. Or, if no mapping is defined for a given attribute, a bulk attribute is used to store a list of key/value parameter pairs. The bulk attribute can be configured by setting "BulkParameterAttributeName" manually in your configurations repository, or programmatically with the following snippet:

getConfigurations().getAttributeConfigurations().setBulkParameterAttributeName("myLDAPAttributeNameForBulkParameterStorage");

The default value for the bulk attribute is "carLicense". If you already use this attribute for some internal purpose, change the bulk attribute name through either of the processes described above. The storage is managed automatically by the identity manager and works for both attribute addition and retrieval.

When selecting the attributes to map one-to-one to business parameters, be careful to take the attribute schema description into account. The selected attribute must be compatible with the business parameter in terms of length and type. Ideally you should strive for attributes of the Directory String type.

These mappings can be defined manually in your configurations repository, or you can use the following snippet to change them programmatically:

getConfigurations().getAttributeConfigurations().addMappingPair("myBusinessParameterName", "theLDAPAttributeName");

Check the AttributeConfigurations API here.

Keep in mind that the configurations can also be changed by using the Configurations Utils toolbox.
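
The following pre-flight check is an added example, not code from the identity manager: it models the rule described above (a mapped parameter goes to its own LDAP attribute, any other goes to the bulk attribute) and reports mappings that would collide with the bulk attribute or with each other. The class, method and business parameter names are hypothetical and the sample mappings are constructed.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration: a stand-alone model of the mapping rules, not the identity manager's API.
public class AttributeMappingCheck {
    // RFC 4512 short name (descr): a letter followed by letters, digits or hyphens.
    private static final Pattern LDAP_DESCR = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");

    /** Where a business parameter is stored: its mapped attribute, else the bulk attribute. */
    static String targetAttribute(String parameter, Map<String, String> mappings, String bulkAttribute) {
        return mappings.getOrDefault(parameter, bulkAttribute);
    }

    /** Lists mapping problems to fix before registering each entry with addMappingPair. */
    static List<String> findProblems(Map<String, String> mappings, String bulkAttribute) {
        List<String> problems = new ArrayList<>();
        Map<String, String> ownerByAttribute = new HashMap<>();
        for (Map.Entry<String, String> e : mappings.entrySet()) {
            String attr = e.getValue();
            // LDAP attribute names are case-insensitive, so compare them in lower case.
            String key = attr.toLowerCase(Locale.ROOT);
            if (!LDAP_DESCR.matcher(attr).matches()) {
                problems.add(e.getKey() + ": '" + attr + "' is not a valid LDAP attribute name");
            }
            if (key.equals(bulkAttribute.toLowerCase(Locale.ROOT))) {
                problems.add(e.getKey() + ": '" + attr + "' is the bulk attribute");
            }
            String previous = ownerByAttribute.putIfAbsent(key, e.getKey());
            if (previous != null) {
                problems.add(e.getKey() + ": '" + attr + "' is already mapped to " + previous);
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample mappings; the business parameter names are hypothetical.
        Map<String, String> mappings = new LinkedHashMap<>();
        mappings.put("costCenter", "departmentNumber");
        mappings.put("badgeId", "carlicense");         // collides with the default bulk attribute
        mappings.put("division", "departmentNumber");  // second parameter on the same attribute
        mappings.put("nickname", "display name");      // a space is not allowed in the name
        findProblems(mappings, "carLicense").forEach(System.out::println);
        System.out.println("locale is stored in " + targetAttribute("locale", mappings, "carLicense"));
    }
}
```

The check covers naming and collisions only; length and type compatibility still has to be confirmed against the schema of your directory.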

Selecting an underlying LDAP implementation for the Identity Manager

The identity manager LDAP module supports different underlying LDAP implementations. The user can select the LDAP technology to use through a configuration parameter. There's a configuration object that stores the preferred LDAP technology. Check its JavaDoc for further information. The configurations object uses Digitalis' own ConfigurationUtils.

The usage of that toolbox is beyond the scope of this text. The underlying LDAP implementation can be set using the LdapUtilsImplementation attribute on the IdManagerConfigurations on the dif2 configuration point. The attribute can have the following values: ad and open_ldap, for Microsoft's Active Directory and for OpenLDAP respectively. If you do it programmatically you might want to use the getIdTag() method on the LDAPUtilsImplementation enumerated type.

Here's an example:


// Set the Properties with the AD implementation 
Properties config = new Properties();
config.put("LdapUtilsImplementation", LDAPUtilsImplementation.AD.getIdTag());

// Create the configurations preferences object and write the configuration
IConfigurations configs = new ConfigurationsPreferencesImpl(); 
configs.writeConfiguration("dif2", "IdManagerConfigurations", config);

Configuring the underlying LDAP Utils implementation parameters

There are several configuration parameters that need to be set up before the LDAP Utils can be used. Once again these are out of the scope of this text, but that information can be found here.