Contact Us

Suffix and DN Value Mapping

Related Products
Suffix and DN Value Mapping plugins are commonly used tools that are used to resolve a variety of integration problems for applications that access any LDAP server. If you are using any of the identity management software listed here, we can help you with a wide range of potential problem areas that you may be experiencing. Click on the links to explore other solutions related to the software that you are interested in.
Challenge
If you're working with more than one directory and, using a virtual directory, you're presenting a single consolidated view of your data, more than likely you will be facing the problem of how you should handle suffix or DN information that is presented for different branches and entries within your virtual directory.

Consider the situation where you have two directories making use of different suffixes (e.g. dc=mycompany.local and dc=mycompany,dc=org). In this situation, entries that appear within the consolidated view within your virtual directory will be referenced using different suffix data. Furthermore, some attributes may contain values that include a DN, such as group information etc.

Ideally, you would like all suffixes and DN Values to be rewritten so that they appear to belong to the correct place within your virtual directory. Equally, when a client performs an operation on one of these suffixes, the virtual directory should be able to translate that back to the original suffix that applies on the backend server.

Another case where you may need to rewrite DN Values and Suffix data arises when a client application expects particular data to be stored in a particular branch within your DIT, when you own DIT structure is different to that which the application expects. For instance, a company may hold employee information entries in the "ou=employee,dc=mycompany,dc=com" branch of their LDAP server. However, an HR application may expect the information to be stored in the "ou=people,o=mycompany" branch of the server.

Solution
These problems disappear when you are working with Symlabs LDAP Proxy or Virtual Directory Server.

The Suffix Mapping plugin is used to rename one or more suffixes (i.e. tree nodes) on the fly. Subsequently, the suffix mapping plugin will let you change the way your tree looks to LDAP clients. With this plugin you can remap multiple trees on the fly by defining the mapping transformations within the plugin configuration panel. Trees that are remapped will retain all of their child-nodes and will simply be presented with a new branch name to the client application. This basic functionality is needed to perform branch name adaptations between client applications and data repositories.


The Map DN values plugin is used to rename suffixes, in attribute values holding DNs, on the fly. This basic functionality is needed to perform schema adaptations between client applications and data repositories in cases where not only the entry DN needs to be replaced but there are also attributes with values that need to be mapped.


These bundled plugins make it very simple to perform branch mappings and suffix transformations on each operation that a client performs. From the backend directory's point of view, the client will always be working with the correct suffix, while from the client's point of view, the server will always respond with the DN values and suffixes that the client expects.



Symlabs is now part of Quest Software. A leader in simplifying and reducing the cost of IT management, Quest’s innovative solutions make solving the toughest IT management problems easier, enabling more than 100,000 customers worldwide to save time and money across physical, virtual and cloud environments. The addition of Symlabs virtual directory and federation technology will enhance the overall architecture of the Quest® One Identity Solution and Quest migration products. Learn more at www.quest.com/symlabs.