The Regular Expression Identity Mapper provides a way to use a regular expression to translate the provided identifier when searching for the appropriate user entry.
This may be used, for example, if the provided identifier is expected to be an e-mail address or Kerberos principal, but only the username portion (the part before the "@" symbol) should be used in the mapping process. Note that a replacement will be made only if all or part of the provided ID string matches the given match pattern. If no part of the ID string matches the provided pattern, the given ID string is used without any alteration.
The Regular Expression Identity Mapper component inherits from the Identity Mapper
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
match-attribute | |
match-base-dn | |
match-filter | |
match-pattern | |
replace-pattern |
Description | A description for this Identity Mapper |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the Identity Mapper is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the Directory Server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. |
Default Value | uid |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. |
Default Value | The server searches below all public naming contexts. |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | An optional filter that mapped users must match. If a filter is provided, then it will be ANDed with the filter component generated by this Regular Expression Identity Mapper. If no filter is provided, then only the filter generated by this Regular Expression Identity Mapper will be used. |
Default Value | None |
Allowed Values | A valid LDAP search filter |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. |
Default Value | None |
Allowed Values | Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://java.sun.com/j2se/1.5.0/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 5). |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. |
Default Value | The replace pattern will be the empty string. |
Allowed Values | Any valid replacement string that is allowed by the javax.util.regex.Matcher class. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Identity Mappers:
dsconfig list-identity-mappers [--property {propertyName}] ...
To view the configuration for an existing Identity Mapper:
dsconfig get-identity-mapper-prop --mapper-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Identity Mapper:
dsconfig set-identity-mapper-prop --mapper-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Regular Expression Identity Mapper:
dsconfig create-identity-mapper --mapper-name {name} --type regular-expression --set enabled:{propertyValue} --set match-pattern:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Identity Mapper:
dsconfig delete-identity-mapper --mapper-name {name}