Aliases 3 and 4
You can configure Alias 3 and Alias 4 to be synchronized from the LDAP source by creating a customized LDAP schema.
Alias 1 and Alias 2 can be configured on the STA Token Management or SAS PCE console by the operator only. Alias 3 and Alias 4 can be synchronized from the LDAP source only.
You cannot change the default schema, but you can modify a cloned schema.
Clone the schema and define the aliases
1. In SafeNet Synchronization Agent, click the Configuration tab.
2. Click Configure in the LDAP Schema Configuration section.
   The LDAP Schema Management window displays.
3. Click Clone and type a schema name in the field provided.
4. Type the values for Alias 3 and Alias 4 in the fields provided.
   The values must exactly match those in the corresponding LDAP source. In addition, each user name and alias must be unique within an STA or SAS PCE account. STA or SAS PCE resolves conflicts according to the rules described in the Conflict resolution section.
5. Click Apply and then OK to save your changes.
6. Click the Status tab.
7. Click Details in the Synchronization Details section.
   The User Source Connection Details window displays.
8. Verify that the Mapping name exactly matches the Schema Name used in step 3.
9. Click OK to close the User Source Connection Details window.
10. Click Stop and then Start in the Service Status section.
    This sequence forces the LDAP Sync Agent to synchronize with the STA or SAS PCE server.
Verify changes to aliases
1. From the STA Token Management or SAS PCE console, click Virtual Servers > Assignment.
2. Search for the User with Alias 3 or Alias 4.
3. Verify that the synchronized aliases (Alias 3 or Alias 4) display in the User Detail module.
Conflict resolution
Alias 3 and Alias 4 may not be unique in the LDAP source. However, the LDAP synchronization process must be completed even when conflicts exist. The conflict resolution tables that follow indicate how STA or SAS PCE resolves such conflicts during provisioning and synchronization.
Conflicts during provisioning
New user being added with conflicting … | | Existing User (Synced User ID, Local User ID, Synced Aliases, Local Alias)
---|---|---
New User | Local User ID | New local user not added (UI message displayed)
 | Local Alias | New local user not added (UI message displayed)
Conflicts during synchronization
New user being added with conflicting … | | Existing User: Synced User ID | Existing User: Local User ID | Existing User: Synced Aliases | Existing User: Local Alias
---|---|---|---|---|---
New User | Synced User ID | New synced user not added | New synced user is added, overwrites local user | New synced user is added. Deletes previously synced alias | New synced user is added. Deletes local alias
 | Synced Alias | New synced user IS added without the alias | New synced user IS added without the alias | New synced user IS added without the alias | New synced user is added. Deletes local alias
In case of a conflicting alias, to release the alias from one user so that it can be synced to another user, change the alias value instead of deleting it. Changing the alias value allows STA or SAS PCE to trigger a process to attempt to re-resolve the conflict (simple alias deletion will not).
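A pre-synchronization check for the uniqueness requirement described above, added here as an example (it is not Thales code): it scans a list of LDAP entries for any value claimed as a user ID or alias by more than one entry, so conflicts can be corrected in the LDAP source before the agent runs. The attribute names, the sample entries and the case-insensitive comparison are assumptions.

```python
from collections import defaultdict

# Assumed mapping (hypothetical): replace with the attribute names typed into the
# Alias 3 and Alias 4 fields of the cloned schema, and the attribute used as user ID.
USER_ID_ATTR = "sAMAccountName"
ALIAS_ATTRS = {"Alias 3": "mail", "Alias 4": "employeeNumber"}

# Constructed sample entries standing in for an export of the LDAP source.
SAMPLE_ENTRIES = [
    {"dn": "cn=Alice,ou=Staff,dc=example,dc=com", "sAMAccountName": "alice",
     "mail": "alice@example.com", "employeeNumber": "1001"},
    {"dn": "cn=Bob,ou=Staff,dc=example,dc=com", "sAMAccountName": "bob",
     "mail": "Alice@example.com", "employeeNumber": "1002"},
    {"dn": "cn=Carol,ou=Staff,dc=example,dc=com", "sAMAccountName": "carol",
     "mail": "carol@example.com", "employeeNumber": "bob"},
    {"dn": "cn=Dave,ou=Staff,dc=example,dc=com", "sAMAccountName": "dave",
     "mail": "", "employeeNumber": "1004"},
]


def find_identifier_conflicts(entries, fold_case=True):
    """Return {identifier: [(dn, role), ...]} for identifiers claimed by 2+ entries.

    User IDs and both aliases share one namespace, because each user name and
    alias must be unique within the account. fold_case=True compares values
    case-insensitively (an assumption; pass False for exact matching).
    """
    claims = defaultdict(list)
    fields = [("User ID", USER_ID_ATTR)] + list(ALIAS_ATTRS.items())
    for entry in entries:
        seen = set()  # a value repeated inside one entry is not a cross-user conflict
        for role, attr in fields:
            value = (entry.get(attr) or "").strip()
            if not value:
                continue  # empty attribute: nothing to collide with
            key = value.lower() if fold_case else value
            if key not in seen:
                seen.add(key)
                claims[key].append((entry["dn"], role))
    return {key: owners for key, owners in claims.items() if len(owners) > 1}


if __name__ == "__main__":
    for identifier, owners in sorted(find_identifier_conflicts(SAMPLE_ENTRIES).items()):
        print(identifier, "->", "; ".join(f"{dn} ({role})" for dn, role in owners))
```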