PingDirectory

Creating a user-defined virtual attribute in interactive mode

About this task

The following example shows how to create a user-defined virtual attribute that assigns an Employee Password Policy to any entry that matches the filter "(employeeType=employee)".

Steps

  1. To configure the user-defined virtual attribute:

    1. Run dsconfig.

    2. Specify the connection port, bind DN, password, and host information.

    3. Type the LDAP connection parameter for your PingDirectory server:

      • For LDAP, enter 1.

      • For SSL, enter 2.

      • For StartTLS, enter 3.

  2. To change the object menu, in the PingDirectory server main menu, type o, and then type the number to select Standard.

  3. In the PingDirectory server main menu, type the number corresponding to virtual attributes.

  4. To create a new virtual attribute, in the Virtual Attribute management menu, type the number.

  5. Use an existing virtual attribute as a template for your new attribute, or create a new attribute from scratch.

    In this example, type n to create a new Virtual Attribute from scratch.

  6. In the Virtual Attribute Type menu, enter a number corresponding to the type of virtual attribute that you want to create.

    In this example, type the number corresponding to User Defined Virtual Attribute.

  7. Enter a name for the new virtual attribute.

    In this example, enter Employee Password Policy Assignment.

  8. In the Enabled Property menu, enter the number to set the property to TRUE (enable).

  9. In the Attribute-Type Property menu, type the attribute-type property for the new virtual attribute.

    You can enter the OID number or attribute name. The attribute-type property must conform to your schema. For this example, type ds-pwp-password-policy-dn.

  10. Enter the value for the virtual attribute, and then press Enter or Return to continue.

    In this example, enter cn=Employee Password Policy,cn=Password Policies,cn=config, and then type Enter or Return to continue.

  11. In the User Defined Virtual Attributes menu, enter a description for the virtual attribute.

    Though optional, this step is useful if you plan to create multiple virtual attributes. Enter the option to change the value, and then type a description of the virtual attribute. In this example, type Virtual attribute that assigns the Employee Password Policy to all entries that match (employeeType=employee).

  12. In the User Defined Virtual Attribute menu, type the number corresponding to the filter.

  13. In the Filter Property menu, enter the option to add one or more filter properties, type the filter, and then press Enter to continue.

    In this example, type (employeeType=employee). Press the number to use the filter value entered.

  14. In the User Defined Virtual Attribute menu, type f to finish creating the virtual attribute.

  15. Verify that the attribute was created successfully.

    1. Add the employeeType=employee attribute to an entry, such as uid=user.0, using ldapmodify.

    2. Add the employeeType=contractor attribute to another entry, such as uid=user.1.

  16. To search for the user with the employeeType=employee attribute, such as uid=user.0, use ldapsearch.

    Example:

    $ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.0)" \
  ds-pwp-password-policy-dn

    Result:

    The ds-pwp-password-policy-dn attribute has the assigned password policy as its value.

    dn: uid=user.0,ou=People,dc=example,dc=com
ds-pwp-password-policy-dn: cn=Employee Password Policy,cn=Password Policies,cn=config

  17. Run ldapsearch again using the filter (uid=user.1).

    Example:

    $ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.1)" \
  ds-pwp-password-policy-dn

    Result:

    The ds-pwp-password-policy-dn attribute is not present in the entry because the entry has the attribute employeeType=contractor.

    dn: uid=user.1,ou=People,dc=example,dc=com