Attributes That Map to iProcess Properties
LDAP directory attributes are mapped to iProcess properties to provide the necessary information about iProcess users in the LDAP directory. Mapping LDAP Directory Attributes to iProcess Properties explains how to use LDAPCONF to set up these mappings.
Note that:
| • | LDAP directory attributes that are mapped to iProcess properties are indicated in this guide by the use of angled brackets. For example, <MENUNAME> indicates the LDAP directory attribute that is mapped to the iProcess MENUNAME property. (By default, this is the LDAP menuname attribute, but it can be any other LDAP attribute, such as, groupname.) |
| • | An LDAP directory attribute that is mapped to an iProcess property must have a name that is no longer than 15 characters. Longer names will be truncated when the entries are downloaded to the iProcess Engine, which means that the mapping will be treated as invalid. |
| • | An LDAP directory attribute does not allow the attribute to contain an underscore. An attribute with an underscore in iProcess Engine is mapped to an attribute without an underscore in LDAP. For example, the SW_WISINST attribute in iProcess Engine is mapped to the SWWISINST attribute in LDAP. |
The following table describes the mappings between LDAP directory attributes and iProcess properties.
|
LDAP Directory Attribute Name |
Default Attribute Value |
iProcess Property Mapping |
|||||||||||||||||||||
|
menuname |
Maps to the iProcess MENUNAME attribute. This mapping defines whether the entry represents an iProcess user, group or role. This attribute must be specified! If this attribute is not specified the entry is not added to iProcess (or is deleted if it already exists) when it is synchronized with the LDAP directory (see Synchronizing iProcess User Data with the LDAP directory). It can take the following values:
For example: menuname=PRODEF menuname=GROUP |
||||||||||||||||||||||
|
sn |
Maps to the iProcess user name. Note: Remember that a valid iProcess user name must be 24 characters or less; if the LDAP directory attribute chosen has a value longer than 24 characters, the corresponding iProcess username is truncated to 24 characters (though usernames may also be constrained by the underlying operating system). For example: uid=johnf |
||||||||||||||||||||||
|
groupname |
Maps to the iProcess group name. For example: swgroup=purchas |
||||||||||||||||||||||
|
rolename |
Maps to the iProcess role name. For example: swrole=chfpurch |
||||||||||||||||||||||
|
description |
Maps to the iProcess DESCRIPTION attribute (for a user or group). For example: description=John Ford description=Purchasing Group |
||||||||||||||||||||||
|
language |
Maps to the iProcess LANGUAGE attribute (for a user or group). For example: lang=ENGLISH |
||||||||||||||||||||||
|
sortmail |
Maps to the iProcess SORTMAIL attribute (which defines how iProcess work items should be sorted for a user or group). For example: sort=PROCEDURE |
||||||||||||||||||||||
|
groupusers |
Defines the iProcess users who are members of the group defined by this entry. See Defining Group Membership for more information about how to define values for this attribute. |
||||||||||||||||||||||
|
roleuser |
Defines the iProcess user who is assigned to the role defined by this entry. For example: assignto=johnf |
||||||||||||||||||||||
|
Optional |
Specifies the iProcess users who are allowed to supervise the queue defined by this entry. For example: supervisors=johnb, swadmin If no value is specified for an entry, the default entry is that no supervisors are allowed to supervise the queue. If an incorrect value is specified (i.e. a user who is not a valid iProcess user), an error is reported in the TIBCO iProcess Administrator when the mappings are imported into iProcess. |
||||||||||||||||||||||
|
Optional |
Specifies what work items the user is allowed to forward in Work Queue Manager. It can take the following values:
For example: forwardperms=f If one of the listed values is not specified the entry defaults to NULL. |