On 3/24/20 11:24 AM, dmitriys via FreeIPA-users wrote:
Good day!
I set up integration of FreeIPA with Jamf. I mapped default user attributes from
Identity Settings like:
Job Title
First name
Last name
Email
In Jamf I have more user attributes (Department, Building). My question is:
how can I map user attributes from Employee Information to attributes in
Jamf, or maybe I need to create a new field in Identity Settings?

Hi,
LDAP schema already defines a lot of attributes that can be re-used. The
difficulty is to find one that suits your needs and is allowed by the
schema.
You need first to check which objectclasses represent your user entries
(by default IPA uses person, organizationalperson, inetorgperson,
inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject,
ipasshuser). This can be found with
$ ipa config-show --all | grep "Default user objectclass"
Then you can have a look at the LDAP schema and find the attribute types
included in each of these objectclasses. This will give you a list of
potential attributes. For instance
$ ldapsearch -x -LLL -o ldif-wrap=no -b cn=schema -s base objectclasses | grep -i inetorgperson
objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP
organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $
carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ givenName $ homePhone $ homePostalAddress $ initials $
jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $
roomNumber $ secretary $ uid $ userCertificate $ x500UniqueIdentifier $
preferredLanguage $ userSMIMECertificate $ userPKCS12 ) X-ORIGIN 'RFC
2798' )
The inetorgperson defines departmentNumber which may be of interest. You
need to check what type of content is allowed in this attribute:
$ ldapsearch -x -LLL -o ldif-wrap=no -b cn=schema -s base attributetypes | grep -i departmentnumber
attributetypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC
'identifies a department within an organization' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )
The SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 means it's a DirectoryString.
If you intend to store the "department" info as a string you may use
this specific attribute.
If you are familiar with ApacheDirectoryStudio, you can use the LDAP
browser and schema browser to help you find all this information.
HTH,
flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
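
The lookup described in the reply above (objectclass, then its allowed attributes, then each attribute's SYNTAX) can be scripted. This is an added example, not part of the original message or of FreeIPA; the function names, the small syntax table and the abbreviated organizationalPerson line in the sample are assumptions made for illustration.

```python
import re

SYNTAXES = {"1.3.6.1.4.1.1466.115.121.1.15": "DirectoryString",  # RFC 4517 OIDs
            "1.3.6.1.4.1.1466.115.121.1.12": "DN"}

def _names(defn, keyword):
    """Values after KEYWORD, written as 'x', ( 'x' 'y' ), x or ( x $ y )."""
    m = re.search(r"\b%s\s+(\(([^)]*)\)|'[^']*'|\S+)" % keyword, defn)
    if not m:
        return []
    body = m.group(2) if m.group(2) is not None else m.group(1)
    return [t for t in re.split(r"[\s$']+", body) if t]

def parse_schema(ldif):
    """Index unwrapped objectclasses/attributetypes lines by lower-cased NAME."""
    classes, attrs = {}, {}
    for line in ldif.splitlines():
        kind, _, defn = line.partition(":")
        defn = re.sub(r"DESC\s+'[^']*'", "", defn)  # DESC text may contain keywords
        if kind.lower() == "objectclasses":
            entry = {"sup": _names(defn, "SUP"),
                     "attrs": _names(defn, "MUST") + _names(defn, "MAY")}
            classes.update({n.lower(): entry for n in _names(defn, "NAME")})
        elif kind.lower() == "attributetypes":
            oid = (_names(defn, "SYNTAX") or [""])[0].split("{")[0]  # drop {len}
            attrs.update({n.lower(): oid for n in _names(defn, "NAME")})
    return classes, attrs

def candidates(classes, attrs, objectclass):
    """Map each attribute allowed by objectclass (and its SUP chain) to a syntax name."""
    out, todo, seen = {}, [objectclass.lower()], set()
    while todo:
        oc = todo.pop()
        if oc in seen or oc not in classes:
            continue
        seen.add(oc)
        todo += [s.lower() for s in classes[oc]["sup"]]
        for a in classes[oc]["attrs"]:
            oid = attrs.get(a.lower())
            out[a] = SYNTAXES.get(oid, oid or "unknown")
    return out

# Constructed input: the two definitions quoted in the reply, unwrapped, plus an
# abbreviated organizationalPerson line (assumption) to exercise the SUP chain.
SAMPLE = "\n".join([
    "objectclasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou $ l ) )",
    "objectclasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) X-ORIGIN 'RFC 2798' )",
    "attributetypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )",
])
```

To use it on a real server, pass the combined, ungrepped output of the two ldapsearch commands from the reply (run with -o ldif-wrap=no) to parse_schema() and call candidates() once per objectclass reported by ipa config-show. Attributes whose definition is not in the input are reported as "unknown".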