QAD 2017 Enterprise Edition > User Guides > Security Administration > Authentication > User Authentication > Review and Update Directory to QAD Database Mappings
  
Review and Update Directory to QAD Database Mappings
During user synchronization, QAD Enterprise Edition makes a DSML search request and then receives a DSML search response.
The attributes and values returned in the DSML response typically do not match the fields in the user table associated with the application. For each QAD application, an attribute mapping file, user-map.xml, contains a list of attribute-to-field mappings, default values, and processing instructions. This file must be configured to manage the attribute mappings.
Each QAD application performing user synchronization requires a customized attribute mapping file (user-map.xml). The file must be customized based on what the particular QAD application requires to provision a user.
Planning is required so that the values in the customized attribute mapping file match what is expected by the QAD application. For example, in QAD Enterprise Edition, active users must have an active user reason code assigned. The reason codes themselves must first be defined using Reason Codes Maintenance (36.2.17).
Mapping between the LDAP directory attributes and the QAD database records is defined in the user-map.xml file. Reviewing the user-map.xml file requires some familiarity with LDAP attribute usage. You should review the directory using a tool such as Active Directory Explorer or JXplorer. You should also have some familiarity with QAD database tables as described in the QAD Database Definitions Technical Reference.
The default user-map.xml file is located in a path such as: .../build/catalog/packages/mfgcoreplus/n/n/n/n/qad.mfgcoreplus/config/user-map.xml
If you have trouble locating the file, enter:
./config/qad.mfgcoreplus/config/usre-map.xml
You must edit this file and define the attribute mappings that are needed based on how the Active Directory is organized.
XML Schema for user-map.xml
XML Schema for user-map.xml
 
Attribute name
Required
Default Value
Description
name
true
N/A
The Active Directory attribute name returned in the DSML response.
tableName
true
N/A
The table name mapping.
fieldName
true
N/A
The field name mapping.
overwrite
false
true
If true then the value is overwritten during an UPDATE of the user record. If false then the value is only written during the CREATE of the user record.
defaultValue
false
A2A
The default value to use if no value is provided in the DSML response.
filter
false
true
Remove attributes that do not match a mapping key. Useful for filtering multiple values such as the attribute memberOf.
Map Element Attributes
Zero or many map elements may be associated with an attribute. If no mapping elements are present, the attribute value will not be replaced.
Map Element Attributes
 
Attribute name
Required
Description
key
true
The case insensitive mapping key that is used when matching an attribute value.
value
true
The mapping value that will replace the original value.
Example user-map.xml
 
<user>
<attributes>
<attribute name="c" tableName="usr_mstr" fieldName="usr_ctry_code" overwrite="false">
<map key="U.S.A" value="US" />
<map key="AU" value="AUS" />
</attribute>
<attribute name="mail" tableName="usr_mstr" fieldName="usr_mail_address" overwrite="true" />
<attribute name="c" tableName="usr_mstr" fieldName="usr_lang" defaultValue="US" overwrite="false">
<map key="U.S.A" value="US" />
<map key="AU" value="US" />
<map key="DE" value="GR" />
</attribute>
</attributes>
</user>
The above user-map.xml file is summarized in the following table.
 
Active Directory Attribute
Table and Field
Default Value
Is Mapped
Overwrite
c
usr_mstr.usr_ctry_code
N/A
yes
yes
c
usr_mstr.usr_lang
US
yes
no
mail
usr_mstr.usr_mail_address
N/A
no
yes
LDAP Attribute Listing
 
Attribute Name
Alias
Description
Multiple Values
Syntax
c
countryName
Country abbreviation
false
DirectoryString
cn
commonName
Name
false
DirectoryString
co
friendlyCountryName
Full name of country
false
DirectoryString
codePage
codePage
Code page
false
Integer
countryCode
countryCode
Country code
false
Integer
dn
distinguishedName
X500 distinguished name
false
DN
displayName
displayName
Display Name
false
DN
gn
givenName
First or given name
false
DirectoryString
homePhone
homeTelephoneNumber
Home phone number
false
DirectoryString
mail
rfc822Mailbox
E-mail address
false
DirectoryString
memberOf
memberOf
Group membership
true
DN
mobile
mobileTelephoneNumber
Mobile phone number
false
DirectoryString
modifyTimestamp
mnodifyTimestamp
Modify time stamp
false
Generalized Time
o
organizationName
Organization name
true
DirectoryString
objectCategory
 
Object category
false
DN
ou
organizationalUnitName
Usually department or sub-entity
true
DNWithBinary
postalCode
postalCode
Post code or ZIP
false
DirectoryString
sn
surname
Surname or last name
false
DirectoryString
st
stateOrProvinceName
State
false
DirectoryString
street
streetAddress
Street address
false
DirectoryString
uid
userid
Username
false
DirectoryString
Syntax
 
Attribute Name
Format
Description
Example
Generalized Time
YYYYMMDDHHMMSS[.|,fraction][(+|-HHMM)|Z]
Time stamp
"19991106210627.3Z" = Nov 6, 1999 21:06:27.3 UTC
DN
cn=<value>,ou=<value>,o=<value>,c=<value>
Distinguished name. Comma delimited list of name/value pairs (RFC 2253)
cn=Ben Gray,ou=editing,o=New York Times,c=US
DirectoryString
 
UTF-8 encoded string
QAD Inc.
Integer
 
Whole number of unlimited magnitude
12345
Once the attribute mapping in user-map.xml is complete, you can proceed with configuring QAD Enterprise Edition.