The PingDirectoryProxy Server provides proxy transformations to alter the contents of client requests as they are sent from the client to the LDAP external server. Proxy transformations can also be used to alter the responses sent back from the server to the client, including altering or omitting search result entries. The Directory Proxy Server provides the following types of data transformations:
  • Attribute mapping. This transformation rewrites client requests so that references to one attribute type may be replaced with an alternate attribute type. The Directory Proxy Server can perform extensive replacements, including attribute names used in DNs and attribute names encoded in the values of a number of different controls and extended operations. For example, a client requests a userid attribute, which is replaced with uid before being forwarded on to the backend server. This mapping applies in reverse for the response returned to the client.

  • Default value. This transformation instructs the Directory Proxy Server to include a static attribute value in search results being sent back to the client, in ADD requests being forwarded to an external server, or both. For example, a value of "marketing" for businessCategory could be returned for all search results under the base DN ou=marketing,dc=example,dc=com.

  • DN mapping. This transformation rewrites client requests so that references to entries below a specified DN will be mapped to appear below another DN. For example, references to entries below o=example.com could be rewritten so that they are below dc=example,dc=com instead. The mapping applies in reverse for the response returned to the client.

  • Groovy scripted. This custom transformation is written in Groovy and does not need to be compiled, though they use the Server SDK. These scripts make it possible to alter requests and responses in ways not available using the transformations provided with the Directory Proxy Server.

  • Suppress attribute. This proxy transformation allows you to exclude a specified attribute from search result entries. It also provides the ability to reject add, compare, modify, modify DN, or search requests if they attempt to reference the target attribute.

  • Suppress entry. This proxy transformation allows you to exclude any entries that match a specified filter from a set of search results. Search requests are transformed so that the original filter will be ANDed with a NOT filter containing the exclude filter. For example, if the suppression filter is "(objectClass=secretEntry)", then a search request with a filter of "(uid=john.doe)" will be transformed so that it has a filter of "(&(uid=john.doe)(!(objectClass=secretEntry)))".

  • Simple to external bind. This proxy transformation may be used to intercept a simple bind request and instead process the bind as a SASL EXTERNAL bind. If the SASL EXTERNAL bind fails, then the original simple bind request may or may not be processed, depending on how you configure the server.

  • Third-party scripted. This custom transformation is created using the Server SDK, making it possible to alter requests and responses in ways not available using the transformations provided with the Directory Proxy Server.