PingDirectory

Creating mirror virtual attributes

The PingDirectory server can mirror the value of another attribute in the same entry, or mirror the value of the same or a different attribute in an entry referenced by the original entry.

For example, consider a directory information tree (DIT) in which each user entry has a manager attribute whose value is the DN of an employee entry, as follows.

dn: uid=apeters,ou=people,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
manager: uid=jdoe,ou=people,dc=example,dc=com
uid: apeters
... (more attributes) ...

You can set up a mirror virtual attribute so that the managerName virtual attribute returns the cn value of the entry referenced by the manager attribute.

$ bin/ldapsearch --baseDN dc=example,dc=com "(uid=apeters)"
dn: uid=apeters,ou=people,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
manager: uid=jdoe,ou=people,dc=example,dc=com
managerName: John Doe
uid: apeters
... (more attributes not shown) ...

Creating a mirror virtual attribute using dsconfig in non-interactive mode

Create a mirror virtual attribute using dsconfig in non-interactive command-line mode.

About this task

The following example sets up the managerName virtual attribute introduced in the previous section.

Steps

  1. Update the schema to define the managerName attribute.

    You can optionally add the attribute to an object class.

    1. In a text editor, create a file with the following schema definition for the attribute.

      dn: cn=schema
      objectClass: top
      objectClass: ldapSubentry
      objectClass: subschema
      attributeTypes: ( 1.3.6.1.4.1.32473.3.1.9.4 NAME 'managerName'
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{256}
        X-ORIGIN 'PingDirectory Server Example' )
    2. Save the file as 98-myschema.ldif in the <server-root>/config/schema folder.

  2. Restart the PingDirectory server.

    $ bin/stop-server --restart
  3. To create the virtual attribute, use dsconfig.

    $ bin/dsconfig create-virtual-attribute \
      --name "managerName" \
      --type mirror \
      --set "description:managerName from manager cn" \
      --set enabled:true \
      --set attribute-type:managerName \
      --set source-attribute:cn \
      --set source-entry-dn-attribute:manager
  4. To verify the mirror virtual attribute, search for an entry.

    $ bin/ldapsearch --baseDN dc=example,dc=com "(uid=apeters)"

    Result:

    The search returns the following entry.

    dn: uid=apeters,ou=People,dc=example,dc=com
    ... (attributes) ...
    manager: uid=jdoe,ou=People,dc=example,dc=com
    managerName: John Doe
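
To run the verification in step 4 over many entries at once, the following added example (not part of the original page and not Ping Identity code) parses LDIF search output and reports entries whose managerName differs from the cn of the entry named by manager. It assumes the output contains both the user and the manager entries, uses a simplified DN comparison, and runs on a constructed sample; the function names are hypothetical.

```python
# Added example, not Ping Identity code. SAMPLE_LDIF is constructed, not server output.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
cn: John Doe

dn: uid=apeters,ou=people,dc=example,dc=com
manager: uid=jdoe,ou=people,dc=example,dc=com
managerName: John Doe

dn: uid=bsmith,ou=people,dc=example,dc=com
manager: uid=jdoe,ou=people,dc=example,dc=com
managerName: Jane Roe
"""

def norm_dn(dn):  # assumption: simplified DN matching, no escaped commas
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def parse_ldif(text):
    """Return {normalized DN: {lowercased attribute: [values]}}; base64 is not decoded."""
    unfolded, entries, current = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # LDIF continuation line
        else:
            unfolded.append(raw)
    for line in unfolded:
        if not line.strip():
            current = None               # blank line ends the entry
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                current = entries.setdefault(norm_dn(value), {})
            elif current is not None:
                current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def check_mirror(entries, virtual="managerName", source="cn", dn_attr="manager"):
    """Return [(dn, expected, actual)] for entries whose mirrored value does not match."""
    problems = []
    for dn, attrs in entries.items():
        refs = [norm_dn(r) for r in attrs.get(dn_attr.lower(), [])]
        actual = sorted(attrs.get(virtual.lower(), []))
        expected = None                  # None: a referenced entry is not in the export
        if all(r in entries for r in refs):
            expected = sorted(v for r in refs for v in entries[r].get(source.lower(), []))
        if refs and expected != actual:
            problems.append((dn, expected, actual))
    return problems
if __name__ == "__main__":
    print(check_mirror(parse_ldif(SAMPLE_LDIF)))
```

An empty list means every entry with a manager value carries the matching managerName; an expected value of None means the referenced entry was not in the export, so that entry could not be checked.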