Mapping Data Between Resources
A synchronization mapping specifies a relationship between objects and their attributes in two data stores. The following example shows a typical attribute mapping, between objects in an external LDAP directory and an IDM managed user data store:
"source": "lastName", "target": "sn"
In this case, the
lastName source attribute is mapped to the
sn (surname) attribute in the target LDAP directory.
The core synchronization configuration is defined in the.
You can define a single file with all your mappings (
conf/sync.json) or a separate file per mapping. Individual mapping files are named
mapping-mappingName.json; for example,
mapping-managedUser_systemCsvfileAccounts.json. Individual mapping files can be useful if your deployment includes a large number of mappings that are difficult to manage in a single file. You can also use a combination of individual mapping files and a monolithic
sync.json file, particularly if you are adding mappings to an existing deployment.
If you use a single
sync.json file, mappings are processed in the order in which they appear within that file. If you use multiple mapping files, mappings are processed according to the
syncAfter property in the mapping. The following example indicates that this particular mapping must be processed after the
"source" : "managed/user", "target" : "system/csvfile/account", "syncAfter" : [ "managedUser_systemCsvfileAccount" ],
If you use a combination of
sync.json and individual mapping files, the synchronization engine processes the mappings in
sync.json first (in order), and then any mappings specified in the individual mapping files, according to the
syncAfter property in each mapping.
For a list of all mappings, regardless of how they are configured, use the following call:
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
This call returns the mappings in the order in which they will be processed.
The Admin UI only shows the mappings configured in the
sync.json file. Do not use the Admin UI to add or change mappings in individual mapping files.
Mappings are always defined from a source resource to a target resource. To configure bidirectional synchronization, you must define two mappings. For example, to configure bidirectional synchronization between an LDAP server and an IDM repository, you would define the following two mappings:
LDAP Server > IDM Repository
IDM Repository > LDAP Server
Bidirectional mappings can include a
links property that lets you reuse the links established between objects, for both mappings. For more information, see "Reuse Links Between Mappings".
You can update a mapping while the server is running. To avoid inconsistencies between data stores, do not update a mapping while a reconciliation is in progress for that mapping.