Jump to: navigation, search

Obsolete:Mapping Engine

Obsolete Documentation

Please note that this content was marked as obsolete. We left the content here for study and archaeological purposes.

Please check our Documentation for a recent list of topics.


Mapping Engine is the component that transforms one object into another using a set of mapping rules.


A mapping is a collection of mapping rules. A mapping has the following properties:

  • Name
  • Mapping rules

Mapping Rule

A mapping rule is an instruction for generating an attribute value from an expression. A mapping rule consist of the following properties:

  • Name
  • Action: add, replace, delete
  • Condition
  • Expression: constant, variable, script

Mapping an Object

One mapping can be used to transform an object. There should be a mapping for each different scenario. The mapping should include rules for mapping the DN, object classes, and its attributes.

Mapping a DN

The following mapping rule constructs a Samba DN from an IPA attribute:

<rule name="dn">
return "CN="+ipa.cn+",CN=Users,DC=domain1,DC=com";

Mapping an Object Class

The object class of an object is usually static, it can be generated from constant values:

<rule name="objectClass">
<rule name="objectClass" action="add">
<rule name="objectClass" action="add">

Mapping an Attribute

Some attributes can be mapped directly from another attribute.

<rule name="sAMAccountName">

Some attributes require more complex mapping. In the following example Samba's accountExpires is generated from IPA's krbPasswordExpiration.

<rule name="accountExpires">
import org.safehaus.penrose.ad.*;
import org.safehaus.penrose.ipa.*;

if (ipa.krbPasswordExpiration == void || ipa.krbPasswordExpiration == null) return null;
return ActiveDirectory.toTimestamp(IPA.toDate(ipa.krbPasswordExpiration));