UnboundID Identity Broker - Regular Expression Username Mapper

Identity Broker Documentation Index
Configuration Reference Home

Regular Expression Username Mapper

The Regular Expression Username Mapper provides a way to use a regular expression to translate the provided username into a search filter to locate the appropriate user entry.

This may be used, for example, if the provided identifier is expected to be an e-mail address or Kerberos principal, but only the username portion (the part before the '@' symbol) should be used in the mapping process. For example, the username 'js12345@unboundid.com' should map to a user in the directory where the uid is js12345 and the domain is unboundid.com. The match-pattern would be ^(.*)@(.*)$ and the match-filter would be (&(uid=$1)(domain=$2)). The '(.*)' before and after the '@' symbol matches the portions before and after the symbol and stores them in the $1 and $2 variables respectively. These variables are then used in the replacement search filter.

Note that a replacement will be made only if all or part of the provided username matches the given match pattern. This mapper may be configured to look in one or more search bases. In order for the mapping to be established properly, exactly one entry must be returned from the search with the translated search filter.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Regular Expression Username Mapper component inherits from the Username Mapper

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ create-base-dn
↓ create-username-pattern
↓ create-rdn
↓ match-base-dn
↓ match-filter
↓ match-pattern

Basic Properties

description

Description	A description for this Username Mapper
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this Username Mapper is enabled for use.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

create-base-dn

Description	Specifies the base dn where new user entries are created. Specifies the base DN that should be used when creating new user entries mapped from the provided username.
Default Value	The default value (no base DN defined) implies this username mapper does not support creating new entries.
Allowed Values	A valid DN.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

create-username-pattern

Description	Specifies the regular expression pattern that is used to match a username when creating user entries. Portions of the username may be replaced to specify an RDN for the new user. The RDN pattern may include a string from a capturing group matched by the match pattern by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. Capture group 0 refers to the entire username that matched. For example, for a create-rdn of uid=$1,ou=$2, the create-username-pattern of ^(.)@(.)$ will substitute $1 and $2 with the portions before and after the '@' symbol in the username respectively.
Default Value	The default value is no RDN pattern defined.
Allowed Values	Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6).
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

create-rdn

Description	Specifies the replacement string used when creating new users mapping the provided username to an RDN. The replacement string may include a string from a capturing group matched by the username pattern by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. Capture group 0 refers to the entire username that matched. For example, the replacement string uid=$1 with a match-pattern of ^uid:(.*)$ will substitute $1 with the portion after the attribute name in the username respectively.
Default Value	The default value is no replacement string defined.
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

match-base-dn

Description	Specifies the base DN(s) that should be used when performing searches to map the provided username to a user entry. If multiple values are given, searches are performed below all the specified base DNs.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	Yes
Required	Yes
Admin Action Required	None. Modification requires no further action

match-filter

Description	Specifies the search filter that should be used when performing searches to map the provided username to a user entry. The filter pattern may include a string from a capturing group matched by the match pattern by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. Capture group 0 refers to the entire username that matched. For example, the match-filter (&(uid=$1)(domain=$2)) with a match-pattern of ^(.)@(.)$ will substitute $1 and $2 with the portions before and after the '@' symbol in the username respectively.
Default Value	None
Allowed Values	A valid LDAP search filter
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

match-pattern

Description	Specifies the regular expression pattern that is used to identify portions of the username that will be replaced. Any portion of the username that matches this pattern is replaced in accordance with the provided match-filter replace pattern. If multiple substrings within the given username match this pattern, all occurrences are replaced. If no part of the given username matches this pattern, the match-filter is not altered. It must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. For example, a match-pattern of ^(.)@(.)$ will match an e-mail address username. The match-filter (&(uid=$1)(domain=$2)) may then be used to substitute $1 and $2 with the portions before and after the '@' symbol in the username respectively.
Default Value	The entire username will be matched
Allowed Values	Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://docs.oracle.com/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6).
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Username Mappers:

dsconfig list-username-mappers
     [--property {propertyName}] ...

To view the configuration for an existing Username Mapper:

dsconfig get-username-mapper-prop
     --mapper-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Username Mapper:

dsconfig set-username-mapper-prop
     --mapper-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Regular Expression Username Mapper:

dsconfig create-username-mapper
     --mapper-name {name}
     --type regular-expression
     --set enabled:{propertyValue}
     --set match-base-dn:{propertyValue}
     --set match-filter:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Username Mapper:

dsconfig delete-username-mapper
     --mapper-name {name}