Regular Expression Identity Mapper

The Regular Expression Identity Mapper provides a way to use a regular expression to translate the provided identifier when searching for the appropriate user entry.

This may be used, for example, if the provided identifier is expected to be an e-mail address or Kerberos principal, but only the username portion (the part before the "@" symbol) should be used in the mapping process. Note that a replacement will be made only if all or part of the provided ID string matches the given match pattern. If no part of the ID string matches the provided pattern, the given ID string is used without any alteration.

Parent Component Properties dsconfig Usage

Parent Component

The Regular Expression Identity Mapper component inherits from the Identity Mapper

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 match-attribute
 match-base-dn
 match-filter
 match-pattern
 replace-pattern

Basic Properties

description

Description
A description for this Identity Mapper
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Identity Mapper is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

match-attribute

Description
Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the Directory Server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry.
Default Value
uid
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

match-base-dn

Description
Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs.
Default Value
The server searches below all public naming contexts.
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

match-filter

Description
An optional filter that mapped users must match. If a filter is provided, then it will be ANDed with the filter component generated by this Regular Expression Identity Mapper. If no filter is provided, then only the filter generated by this Regular Expression Identity Mapper will be used.
Default Value
None
Allowed Values
A valid LDAP search filter
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

match-pattern

Description
Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups.
Default Value
None
Allowed Values
Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://java.sun.com/j2se/1.5.0/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 5).
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

replace-pattern

Description
Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used.
Default Value
The replace pattern will be the empty string.
Allowed Values
Any valid replacement string that is allowed by the javax.util.regex.Matcher class.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Identity Mappers:

dsconfig list-identity-mappers
     [--property {propertyName}] ...

To view the configuration for an existing Identity Mapper:

dsconfig get-identity-mapper-prop
     --mapper-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Identity Mapper:

dsconfig set-identity-mapper-prop
     --mapper-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Regular Expression Identity Mapper:

dsconfig create-identity-mapper
     --mapper-name {name}
     --type regular-expression
     --set enabled:{propertyValue}
     --set match-pattern:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Identity Mapper:

dsconfig delete-identity-mapper
     --mapper-name {name}