Configuring Liberty Web Services 235novdocx (en) 19 February 2010Signature Algorithm: The signature algorithm to use for signing the payload.5 Click OK, then update the Identity Server configuration as prompted.10.9 Mapping LDAP and Liberty AttributesYou can create an LDAP attribute map or edit an existing one. Attribute mapping involvesspecifying how single-value and multi-value data items map to single-value and multi-value LDAPattributes. A single-value attribute can contain no more than one value, and a multi-value attributecan contain more than one. An example of a single-value attribute might be a person’s gender, andan example of a multi-value attribute might be a person’s various e-mail addresses, phone numbers,or titles.The following fields are common among all attribute maps and are defined here:Type: Specifies the map type. Access Manager comes with a predefined “one-to-one” mapping typefor the Liberty profiles of Personal, Employee, and General. However, the following sectionsdescribe how to create additional map types: Section 10.9.1, “Configuring One-to-One Attribute Maps,” on page 236 Section 10.9.2, “Configuring Employee Type Attribute Maps,” on page 238 Section 10.9.3, “Configuring Employee Status Attribute Maps,” on page 239 Section 10.9.4, “Configuring Postal Address Attribute Maps,” on page 240 Section 10.9.5, “Configuring Contact Method Attribute Maps,” on page 242 Section 10.9.6, “Configuring Gender Attribute Maps,” on page 243 Section 10.9.7, “Configuring Marital Status Attribute Maps,” on page 244Name: The name you want to give the map.Description: A description of the map.Access Rights: A drop-down menu that provide the broadest control for the page. If you set this toRead/Write, you can specify rights for individual data items.In order for user provisioning to succeed, you must select Read/Write from the Access Rights drop-down menu for any maps that use an attribute during user provisioning.User Stores: The user store that a map applies to. If a user logs into a user store that is not in themap’s user store list, that map is not used to read or write attributes for that user.LDAP Attribute Name: The LDAP attribute name that you want to map to the Liberty attribute.LDAP Attribute Value: The predefined LDAP attribute values that you want to map to the Libertyvalues. These LDAP values are those you want to store in the LDAP attribute for each given Libertyattribute value. The LDAP attribute map then maps the actual Liberty URI value, back and forth, tothis supplied value. Values must match the attribute exactly as it appears in the directory. Forexample, “givenName” must be entered as “givenName” in the text field or the mapping does notwork.