Attributes That Map to iProcess Properties

Copyright © Cloud Software Group, Inc. All rights reserved.

Copyright © Cloud Software Group, Inc. All rights reserved.

Chapter 2 Creating and Maintaining iProcess User Data in the LDAP Directory : Attributes That Map to iProcess Properties

Attributes That Map to iProcess Properties

LDAP directory attributes are mapped to iProcess properties to provide the necessary information about iProcess users in the LDAP directory. Mapping LDAP Directory Attributes to iProcess Properties explains how to use LDAPCONF to set up these mappings.

Note that:

•

LDAP directory attributes that are mapped to iProcess properties are indicated in this guide by the use of angled brackets. For example, <MENUNAME> indicates the LDAP directory attribute that is mapped to the iProcess MENUNAME property. (By default, this is the LDAP menuname attribute, but it can be any other LDAP attribute - for example, groupname.)

•

An LDAP directory attribute that is mapped to an iProcess property must have a name that is no longer than 15 characters. Longer names will be truncated when the entries are downloaded to the iProcess Engine, which means that the mapping will be treated as invalid.

•

An LDAP directory attribute does not allow the attribute to contain an underscore. An attribute with an underscore in iProcess Engine is mapped to an attribute without an underscore in LDAP. For example, the SW_WISINST attribute in iProcess Engine is mapped to the SWWISINST attribute in LDAP.

The following table describes the mappings between LDAP directory attributes and iProcess properties.

LDAP Directory Attribute Name

Default Attribute Value

iProcess Property Mapping

<MENUNAME>

menuname

Maps to the iProcess MENUNAME attribute.

This mapping defines whether the entry represents an iProcess user, group or role.

This attribute must be specified! If this attribute is not specified the entry is not added to iProcess (or is deleted if it already exists) when it is synchronized with the LDAP directory (see Synchronizing iProcess User Data with the LDAP directory).

It can take the following values:

•

USER - The entry is an iProcess user with a MENUNAME of USER.

•

MANAGER - The entry is an iProcess user with a MENUNAME of MANAGER.

•

PRODEF - The entry is an iProcess user with a MENUNAME of PRODEF.

•

ADMIN - The entry is an iProcess user with a MENUNAME of ADMIN.

•

GROUP - The entry is an iProcess group.

•

ROLE - The entry is an iProcess role.

•

NONE - The entry is not an iProcess user, group or role. (If the entry already exists in iProcess, it will be removed the next time synchronization takes place.)

For example:

menuname=PRODEF

menuname=GROUP

<USERNAME>

sn

Maps to the iProcess user name.

Note: Remember that a valid iProcess user name must be 24 characters or less; if the LDAP directory attribute chosen has a value longer than 24 characters, the corresponding iProcess username is truncated to 24 characters (though usernames may also be constrained by the underlying operating system).

For example:

uid=johnf

<GROUPNAME>

groupname

Maps to the iProcess group name.

For example:

swgroup=purchas

<ROLENAME>

rolename

Maps to the iProcess role name.

For example:

swrole=chfpurch

<DESCRIPTION>

description

Maps to the iProcess DESCRIPTION attribute (for a user or group).

For example:

description=John Ford

description=Purchasing Group

<LANGUAGE>

language

Maps to the iProcess LANGUAGE attribute (for a user or group).

For example:

lang=ENGLISH

<SORTMAIL>

sortmail

Maps to the iProcess SORTMAIL attribute (which defines how iProcess work items should be sorted for a user or group).

For example:

sort=PROCEDURE

<GROUPUSERS>

groupusers

Defines the iProcess users who are members of the group defined by this entry. See Defining Group Membership for more information about how to define values for this attribute.

<ROLEUSERS>

roleuser

Defines the iProcess user who is assigned to the role defined by this entry.

For example:

assignto=johnf

<QSUPERVISORS>

Optional

Specifies the iProcess users who are allowed to supervise the queue defined by this entry.

For example:

supervisors=johnb, swadmin

If no value is specified for an entry, the default entry is that no supervisors are allowed to supervise the queue.

If an incorrect value is specified (i.e. a user who is not a valid iProcess user), an error is reported in the TIBCO iProcess Administrator when the mappings are imported into iProcess.

<USERFLAGS>

Optional

Specifies what work items the user is allowed to forward in Work Queue Manager.

It can take the following values:

•

null - Step Forward. The user is allowed to forward a work item only if the step’s Forward permission has been set by the procedure definer.

•

r - Forward None. The user is not allowed to forward any work item, even if the step’s Forward permission has been set by the procedure definer.

•

f- Forward Any. The user is allowed to forward any work item, even if the step’s Forward permission has not been set by the procedure definer.

For example:

forwardperms=f

If one of the listed values is not specified the entry defaults to NULL.

Application Specific Attributes

You can also define application specific attributes for use in the iProcess Suite. For example, you may want to make users’ email addresses or telephone numbers available to iProcess procedures.

Do not use the _XX string to name attributes where XX is a 2-digit number. This string is reserved for TIBCO iProcess Engine internal use.

Mapping LDAP Directory Attributes to iProcess Properties explains how to use LDAPCONF to make application specific attributes available to iProcess.

Copyright © Cloud Software Group, Inc. All rights reserved.

Copyright © Cloud Software Group, Inc. All rights reserved.