Creating a user-defined virtual attribute in interactive mode
About this task
The following example shows how to create a user-defined virtual attribute that assigns an Employee Password Policy to any entry that matches the filter "(employeeType=employee)"
.
Steps
-
To configure the user-defined virtual attribute:
-
Run
dsconfig
. -
Specify the connection port, bind DN, password, and host information.
-
Type the LDAP connection parameter for your PingDirectory server:
-
For LDAP, enter
1
. -
For SSL, enter
2
. -
For StartTLS, enter
3
.
-
-
-
To change the object menu, in the PingDirectory server main menu, type
o
, and then type the number to selectStandard
. -
In the PingDirectory server main menu, type the number corresponding to virtual attributes.
-
To create a new virtual attribute, in the
Virtual Attribute management
menu, type the number. -
Use an existing virtual attribute as a template for your new attribute, or create a new attribute from scratch.
In this example, type
n
to create a new Virtual Attribute from scratch. -
In the
Virtual Attribute Type
menu, enter a number corresponding to the type of virtual attribute that you want to create.In this example, type the number corresponding to User Defined Virtual Attribute.
-
Enter a name for the new virtual attribute.
In this example, enter
Employee Password Policy Assignment
. -
In the
Enabled Property
menu, enter the number to set the property toTRUE
(enable). -
In the
Attribute-Type Property
menu, type theattribute-type
property for the new virtual attribute.You can enter the OID number or attribute name. The
attribute-type
property must conform to your schema. For this example, typeds-pwp-password-policy-dn
. -
Enter the value for the virtual attribute, and then press Enter or Return to continue.
In this example, enter
cn=Employee Password Policy,cn=Password Policies,cn=config
, and then type Enter or Return to continue. -
In the
User Defined Virtual Attributes
menu, enter a description for the virtual attribute.Though optional, this step is useful if you plan to create multiple virtual attributes. Enter the option to change the value, and then type a description of the virtual attribute. In this example, type
Virtual attribute that assigns the Employee Password Policy to all entries that match (employeeType=employee)
. -
In the
User Defined Virtual Attribute
menu, type the number corresponding to the filter. -
In the
Filter Property
menu, enter the option to add one or more filter properties, type the filter, and then press Enter to continue.In this example, type
(employeeType=employee)
. Press the number to use the filter value entered. -
In the
User Defined Virtual Attribute
menu, typef
to finish creating the virtual attribute. -
Verify that the attribute was created successfully.
-
Add the
employeeType=employee
attribute to an entry, such asuid=user.0
, usingldapmodify
. -
Add the
employeeType=contractor
attribute to another entry, such asuid=user.1
.
-
-
To search for the user with the
employeeType=employee
attribute, such asuid=user.0
, useldapsearch
.Example:
$ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.0)" \ ds-pwp-password-policy-dn
Result:
The
ds-pwp-password-policy-dn
attribute has the assigned password policy as its value.dn: uid=user.0,ou=People,dc=example,dc=com ds-pwp-password-policy-dn: cn=Employee Password Policy,cn=Password Policies,cn=config
-
Run
ldapsearch
again using the filter(uid=user.1)
.Example:
$ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.1)" \ ds-pwp-password-policy-dn
Result:
The
ds-pwp-password-policy-dn
attribute is not present in the entry because the entry has the attributeemployeeType=contractor
.dn: uid=user.1,ou=People,dc=example,dc=com