Would it be possible (or desirable) to set out a strict way which the full dn of an LDAP object maps to the structure of Entra or other backends?
For example,
LDAP DN "uid=harry.lime,ou=sales,ou=staff,dc=thirdman,dc=com"
maps to Entra user "harry.lime" in the "sales" group nested in the "staff" group? (unsure of Entra terms and structure)
The advantage would be a clear relation between the structures of different identity servers.
On the other hand, enforcing a structure might make interacting with applications which expect a particular structure difficult, or make adopting tough for orgs with an established directory.
Would it be possible (or desirable) to set out a strict way which the full dn of an LDAP object maps to the structure of Entra or other backends?
For example,
LDAP DN "uid=harry.lime,ou=sales,ou=staff,dc=thirdman,dc=com" maps to Entra user "harry.lime" in the "sales" group nested in the "staff" group? (unsure of Entra terms and structure)
The advantage would be a clear relation between the structures of different identity servers. On the other hand, enforcing a structure might make interacting with applications which expect a particular structure difficult, or make adopting tough for orgs with an established directory.
Longer term, the mapping could be configurable.