- Contents
Using LDAP for CIC Contact Lists Technical Reference
i3genfolder_map.txt example file
The following attribute mapping file is available at https://my.inin.com/support/products/ic40/Pages/Utilities-Downloads.aspx.
;****************************************************************************** ;* CIC Contact Folder Attribute Mapping File for the "i3genfolder" ObjectClass * ;* * ;* Purpose: To define the mappings between the CIC contact folder attributes * ;* and the corresponding LDAP attributes. In addition, it also * ;* allows the (optional) specification of a default value, as well * ;* as whether or not the attribute is read-only or read-write. * ;* * ;* Syntax/Notes: * ;* 1) The basic syntax is: * ;* NON_IC_ATTRIB_<num> : <LDAPAttrib>,RO[,<DefaultVal>] * ;* See note 6 below for information on non-CIC attributes. * ;* 2) Blank or comment lines are ignored; comment lines start with * ;* a semicolon. * ;* 3) The case of the attributes and the case of the RO/RW flag * ;* does not matter. * ;* 4) The RO/RW flag is always RO for folder attributes. * ;* 5) If the attribute is multi-valued, and you want the multiple * ;* values to be presented together with a separator string * ;* between each, then append a [<sep>] to the attribute. * ;* For example: objectclass[;] * ;* When specifying multiple default values, use this separator * ;* between each; for example: top;person;organizationalperson * ;* Note that separator strings may have more than one character * ;* (e.g. &&, --foo--), and it is up to you to choose a separator * ;* string that will not happen to occur in the middle of any * ;* values. * ;* 6) You may specify other, non-CIC attributes; this is very useful * ;* for inserting values for required, non-CIC attributes. The * ;* "CIC" attribute you use is NON_IC_ATTRIB_<num>, where num is * ;* the sequential number of the attribute, starting from 1. * ;* For example: * ;* NON_IC_ATTRIB_1, NON_IC_ATTRIB_2, NON_IC_ATTRIB_3, etc. * ;* Note: There cannot be any gaps in the sequence; so if you * ;* were to delete NON_IC_ATTRIB_2, you must rename * ;* NON_IC_ATTRIB_3 to NON_IC_ATTRIB_2 (and so on for all * ;* non-CIC attributes greater than 2). * ;* 7) You may use substitution variables (defined in a user mapping * ;* file) for default values. For example: * ;* NON_IC_ATTRIB_1 : cn, RO, $USER$ * ;* See the online help in IA for documentation for the user * ;* mapping file usage and syntax. * ;* Notes: 1. User-related substitution values are only useful * ;* for private contact sources. * ;* 2. Case is preserved (i.e. you need to match what * ;* was given in the user mapping file). * ;* 8) You may use the built-in substitution variables for default * ;* values. These are: * ;* $ICUID - The CIC user ID (note that this is really only * ;* useful for private contact sources). * ;* $CONTACTSOURCE - The contact (DataManager) data source. * ;* For example: Our Public Contacts * ;* $BINDDN - The DN used to bind with, as specified in the * ;* CIC data source configuration. * ;* $SEARCHDN - The search DN as specified in the CIC data source* ;* or overridden in the contact list source, * ;* $SEARCHDNPARENT - The parent DN of the configured search DN* ;* $ENTRYDN - The DN of this contact entry. * ;* Note: These must be in UPPER case. * ;* * ;****************************************************************************** ;------------------------------------------------------------------------------ ; CIC Attribute : LDAP Attribute[sep], RO/RW, Default Value ;------------------------------------------------------------------------------ NON_IC_ATTRIB_1 : objectclass[;], RO, top;i3genfolder NON_IC_ATTRIB_2 : cn, RO, $CONTACTSOURCE ; Unless ACI must be established in each contact entry (for example, the ; folder contains private contact entries for more than one user), then ; one of the two ACIs below would be needed. ; This ACI would be suitable for a PRIVATE contact source that has the contact ; entries parented by this folder, which is parented by the user entry. ; NON_IC_ATTRIB_3 : aci[&&], RO, (target="ldap:///$ENTRYDN")(targetattr="*")(version 3.0; acl "Hide from everyone except EIC and contact owner."; deny (all) userdn != "ldap:///$BINDDN||ldap:///$SEARCHDNPARENT";) && (target="ldap:///$ENTRYDN")(targetattr="*")(version 3.0; acl "Allow EIC and contact owner all access."; allow (all) userdn = "ldap:///$BINDDN||ldap:///$SEARCHDNPARENT";) ; This ACI would be suitable for a PUBLIC contact source that has the contact ; entries parented by this folder. ; NON_IC_ATTRIB_3 : aci[&&], RO, (target="ldap:///$ENTRYDN")(targetattr="*")(version 3.0; acl "Allow CIC all access."; allow (all) userdn = "ldap:///$BINDDN";)