Page created: 24 Jul 2019 | Page updated: 6 Nov 2019
7.3 Product PingDirectory
The following example shows how to create a user-defined virtual attribute that assigns an Employee Password Policy to any entry that matches the filter "(employeeType=employee)".
- Run dsconfig to configure the user-defined virtual attribute. Specify the connection port, bind DN, password, and host information. Then type the LDAP connection parameter for your Directory Server: 1 for LDAP, 2 for SSL, 3 for StartTLS.
- On the Directory Server main menu, type o to change the object menu, and then type the number to select Standard.
- On the Directory Server main menu, type the number corresponding to virtual attributes.
- On the Virtual Attribute management menu, type the number to create a new virtual attribute.
- Next, you can use an existing virtual attribute as a template for your new attribute, or you can create a new attribute from scratch. In this example, type n to create a new Virtual Attribute from scratch.
- On the Virtual Attribute Type menu, enter a number corresponding to the type of virtual attribute that you want to create. In this example, type the number corresponding to User Defined Virtual Attribute.
- Next, enter a name for the new virtual attribute. In this example, enter "Employee Password Policy Assignment."
- On the Enabled Property menu, enter the number to set the property to true (enable).
- On the Attribute-Type Property menu, type the attribute-type property for the new virtual attribute. You can enter the OID number or attribute name. The attribute-type property must conform to your schema. For this example, type "ds-pwp-password-policy-dn".
- Enter the value for the virtual attribute, and then press Enter or Return to continue. In this example, enter cn=Employee Password Policy,cn=Password Policies,cn=config, and then press Enter or Return to continue.
- On the User Defined Virtual Attributes menu, enter a description for the virtual attribute. Though optional, this step is useful if you plan to create a lot of virtual attributes. Enter the option to change the value, and then type a description of the virtual attribute. In this example, enter: Virtual attribute that assigns the Employee Password Policy to all entries that match (employeeType=employee).
- On the User Defined Virtual Attribute menu, type the number corresponding to the filter.
- On the Filter Property menu, enter the option to add one or more filter properties, type the filter, and then press Enter to continue. In this example, type (employeeType=employee). Press the number to use the filter value entered.
- On the User Defined Virtual Attribute menu, type f to finish creating the virtual attribute.
- Verify that the attribute was created successfully. Add the employeeType=employee attribute to an entry (e.g., uid=user.0) using ldapmodify. Add the employeeType=contractor attribute to another entry (e.g., uid=user.1).
- Use ldapsearch to search for the user with the employeeType=employee attribute (e.g., uid=user.0). You will notice the ds-pwp-password-policy-dn attribute has the assigned password policy as its value.

      $ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.0)" \
        ds-pwp-password-policy-dn
      dn: uid=user.0,ou=People,dc=example,dc=com
      ds-pwp-password-policy-dn: cn=Employee Password Policy,cn=Password Policies,cn=config

- Run ldapsearch again using the filter "(uid=user.1)". The ds-pwp-password-policy-dn attribute will not be present in the entry, because the entry has the attribute employeeType=contractor.

      $ bin/ldapsearch --baseDN dc=example,dc=com "(uid=user.1)" \
        ds-pwp-password-policy-dn
      dn: uid=user.1,ou=People,dc=example,dc=com