LDAP transform maps

The transform map moves data from the import set table to the target table (User or Group).

The LDAP integration uses standard import sets and transform maps. You can also create custom LDAP transform maps.
Important: Whether you select or create custom LDAP transform maps, there should be one active transform map for a set of source and target tables. Enabling multiple transform maps for the same source and target tables can produce duplicate entries in the target table unless you coalesce against the matching fields.

Default LDAP transform maps

By default, the system provides two transform maps for LDAP data.
Table 1. Default LDAP transform maps
Transform Map Source Table Target Table Description
LDAP User Import [ldap_import] [sys_user] Default transform map for creating user records from LDAP credentials as part of LDAP on-demand login. Contains mappings for an Active Directory LDAP server.
LDAP Group Import [ldap_group_import] [sys_user_group] Default transform map for creating group records from LDAP OUs. Contains mappings for an Active Directory LDAP server.
Note: By default, the system does not have a transform map for LDAP department records.

Requirements for custom LDAP transform maps

If you choose to create a custom transform map, the transform map must meet the following mapping requirements.
Table 2. Requirements for custom LDAP transform maps
Source Table Source Field Target Table Target Field Coalesce Description
ldap_import u_source sys_user source false The u_source field identifies the LDAP DN of the imported user or group. The system uses this field to determine that a user requires LDAP authentication, to find a user's manager, and to put users into groups.
ldap_import Select one of the following fields:
  • u_samaccountname
  • u_dn
  • u_cn
sys_user user_name true If LDAP integrates to Active Directory, select u_samaccountname as the source field. If other LDAP directories are used, select u_dn or u_cn as the source field.