Define attribute mappings for a domain
For information about how SecureTransport uses the default attribute mappings, see LDAP logins.
The session variables available depend on the attribute mappings:
- The following session variables are always available: STSESSION_LDAP_AUTH_BY_EMAIL, STSESSION_LDAP_DN, STSESSION_LDAP_DOMAIN_ID, and STSESSION_LDAP_DOMAIN_NAME.
- To enable STSESSION_LDAP_fdxGid, STSESSION_LDAP_fdxHomeDir, STSESSION_LDAP_fdxShell, STSESSION_LDAP_fdxUid, and STSESSION_LDAP_fdxUserType, select Map to Schema for the corresponding default attribute.
- If you do not select Map to Schema for any custom mappings, all LDAP attributes are mapped to session variables named STSESSION_LDAP_DIR_ followed by the attribute name.
- If you add a custom mapping, only those attributes added with Map to Schema selected are mapped to session variables named STSESSION_LDAP_DIR_ followed by the attribute name.
A multivalued LDAP attribute is mapped to several session variables. To use a multivalued LDAP variable, map it and check the SecureTransport session for the names of the session variables.
- If you do not have the New LDAP Domain page open, select Authentication > LDAP Domains and click the domain name in the Domains List to open the LDAP Domain page.
- Under Attributes List, for each SecureTransport attribute that will be mapped from an LDAP attribute, select Map to Schema to enable an attribute mapping.
You can modify a default attribute mapping.
- Click the Edit icon in the Edit column.
- Type the new value in the LDAP Attribute Name column.
- Click the Save icon in the Edit column.
You can define a mapping for a custom LDAP attribute.
- Click New Attribute.
- SecureTransport adds a line to the Attributes List.
- Type the Description, ST Attribute Name, and LDAP Attribute Name.
- Click the Save icon in the Edit column.
- Select Map to Schema to enable the mapping.
To delete a custom attribute mapping, click X in the first column of the table.