Creating user-defined virtual attributes
User-defined virtual attributes allow you to specify an explicit value to use for the virtual attribute.
There are no restrictions on the length of the value for a user-defined virtual attribute. You must only ensure that the new virtual attribute conforms to your schema, or you will see an error message when you configure it.
You can define your virtual attributes using the dsconfig
tool from the Standard object menu
. Only the value property is specific to the user-defined virtual attribute. All the other properties are common across all kinds of virtual attributes, which include the following.
Property | Description |
---|---|
|
Indicates whether the virtual attribute should be used. |
|
The attribute type for the virtual attribute that is generated. |
|
Can be used to select which entries are eligible to contain the virtual attribute. |
|
Can be used to select which entries are eligible to contain the virtual attribute. |
|
Used to indicate how the server should behave if there are one or more real values for the same attribute type in the same entry. The server can either return only the real values, only the virtual values, or merge both real and virtual values. |
|
Used to indicate whether the server should only generate values for the virtual attribute if it was included in the list of requested attributes. |
|
Used to control the behavior of the server if multiple virtual attributes can be used to contribute values to the same attribute. |
Creating a user-defined virtual attribute in interactive mode
About this task
The following example shows how to create a user-defined virtual attribute that assigns an Employee Password Policy to any entry that matches the filter "(employeeType=employee)"
.
Steps
-
To configure the user-defined virtual attribute:
-
Run
dsconfig
. -
Specify the connection port, bind DN, password, and host information.
-
Type the LDAP connection parameter for your PingDirectory server:
-
For LDAP, enter
1
. -
For SSL, enter
2
. -
For StartTLS, enter
3
.
-
-
-
To change the object menu, in the PingDirectory server main menu, type
o
, and then type the number to selectStandard
. -
In the PingDirectory server main menu, type the number corresponding to virtual attributes.
-
To create a new virtual attribute, in the
Virtual Attribute management
menu, type the number. -
Use an existing virtual attribute as a template for your new attribute, or create a new attribute from scratch.
In this example, type
n
to create a new Virtual Attribute from scratch. -
In the
Virtual Attribute Type
menu, enter a number corresponding to the type of virtual attribute that you want to create.In this example, type the number corresponding to User Defined Virtual Attribute.
-
Enter a name for the new virtual attribute.
In this example, enter
Employee Password Policy Assignment
. -
In the
Enabled Property
menu, enter the number to set the property toTRUE
(enable). -
In the
Attribute-Type Property
menu, type theattribute-type
property for the new virtual attribute.You can enter the OID number or attribute name. The
attribute-type
property must conform to your schema. For this example, typeds-pwp-password-policy-dn
. -
Enter the value for the virtual attribute, and then press Enter or Return to continue.
In this example, enter
cn=Employee Password Policy,cn=Password Policies,cn=config
, and then type Enter or Return to continue. -
In the
User Defined Virtual Attributes
menu, enter a description for the virtual attribute.Though optional, this step is useful if you plan to create multiple virtual attributes. Enter the option to change the value, and then type a description of the virtual attribute. In this example, type
Virtual attribute that assigns the Employee Password Policy to all entries that match (employeeType=employee)
. -
In the
User Defined Virtual Attribute
menu, type the number corresponding to the filter. -
In the
Filter Property
menu, enter the option to add one or more filter properties, type the filter, and then press Enter to continue.In this example, type
(employeeType=employee)
. Press the number to use the filter value entered. -
In the
User Defined Virtual Attribute
menu, typef
to finish creating the virtual attribute. -
Verify that the attribute was created successfully.
-
Add the
employeeType=employee
attribute to an entry, such asuid=user.0
, usingldapmodify
. -
Add the
employeeType=contractor
attribute to another entry, such asuid=user.1
.
-
-
To search for the user with the
employeeType=employee
attribute, such asuid=user.0
, useldapsearch
.Example:
$ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.0)" \ ds-pwp-password-policy-dn
Result:
The
ds-pwp-password-policy-dn
attribute has the assigned password policy as its value.dn: uid=user.0,ou=People,dc=example,dc=com ds-pwp-password-policy-dn: cn=Employee Password Policy,cn=Password Policies,cn=config
-
Run
ldapsearch
again using the filter(uid=user.1)
.Example:
$ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.1)" \ ds-pwp-password-policy-dn
Result:
The
ds-pwp-password-policy-dn
attribute is not present in the entry because the entry has the attributeemployeeType=contractor
.dn: uid=user.1,ou=People,dc=example,dc=com
Creating a user-defined virtual attribute using dsconfig
in non-interactive mode
About this task
You can create a virtual attribute in non-interactive command-line mode using dsconfig
.
Steps
-
To set up the Employee Password Policy Assignment virtual attribute introduced in the previous section, run the following command.
Example:
$ bin/dsconfig create-virtual-attribute \ --name "Employee Password Policy Assignment" \ --type user-defined \ --set enabled:true \ --set attribute-type:ds-pwp-password-policy-dn \ --set "filter:(employeeType=employee)" \ --set "value:cn=Employee Password Policy,cn=Password Policies,cn=config"