List of published manuals

List of manuals for contractors

IIJ ID Service Directory Sync Manual [Windows Active Directory]

Assigning the Multiple Email Addresses to emails Attribute

This section describes examples of how to assign multiple email addresses to the emails attribute of IIJ ID User.

[ Reference ]

The following configuration files are provided as reference examples.

Configure actual settings in accordance with your environment.

Corresponding method

1.Set the following multiple AD attributes to iid.scim.attribue.user.ad_bind.emails of config.yml.

iid:
  scim:
    attribute:
      user:
        ad_bind:
          emails:
                                 - value:        proxyAddresses # *1 *2
                                 - value:        mail
                                 - value:        mailnicknam

*1 When multiple email addresses are registered with proxyAddresses, the email address to which the "SMTP:" (all upper-case characters) prefix is attached is configured as the primary email address for IIJ IDs. Refer to "config.yml" for more information.
*2 When multiple email addresses are registered with proxyAddresses, the maximum number of IIJ IDs that can be registered with the emails attribute may be exceeded, depending on the configuration. If the maximum number of IIJ IDs is exceeded, of the non-primary email addresses, the fifth and subsequent email addresses in alphabetical order will not be synchronized with IIJ IDs.


2.For iid.scim.attribue.user.default.emails of config.yml, set proxyAddresses as the primary email address as shown below.

iid:
  scim:
    attribute:
      user:
        ad_bind:
          emails:
                                 - value:        proxyAddresses # *1 *2
                                 - value:        mail
                                 - value:        mailnicknam
config.yml sample
log:
  loglevel:                      info

ad:
  ldap:
    cache_disabled:              true
    server:
      addresses:
                                 - 192.168.0.100
                                 - 192.168.0.101
      user:                      'CN=iid_proxyadmin,CN=Users,DC=example,DC=local'
      encryption:                none
    base_dn:                     'DC=example,DC=local'
    filter:
      user:                      'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'
      group:                     'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'

iid:
  scim:
    http:
      proxy:
        use:                     false
        address:                 192.168.0.10
        port:                    8080
    attribute:
      user:
        default:
          emails:
            - primary:           true
            - primary:           false
            - primary:           false
        ad_bind:
          externalId:            userPrincipalName
          userName:              sAMAccountName
          name:
            familyName:          sn
            givenName:           givenName
          active:
                                 - userAccountControl
                                 - accountExpires
          emails:
                                 - value:        proxyAddresses
                                 - value:        mail
                                 - value:        mailnickname
      group:
        ad_bind:
          externalId:            objectGUID
          displayName:           name
          email:                 mail