Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The Member Virtual Attribute generates a member or uniqueMember attribute whose values are the DNs of the members of a specified virtual static group.
This component is used to implement virtual static group functionality, in which it is possible to create an entry that looks like a static group but obtains all of its membership from a dynamic group (or some other type of group, including another static group). This implementation is most efficient when attempting to determine whether a given user is a member of a group (for example, with a filter like "(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com)") when the search does not actually return the membership attribute. Although it works to generate the entire set of values for the member or uniqueMember attribute, this can be an expensive operation for a large group.
↓Parent Component
↓Properties
↓dsconfig Usage
The Member Virtual Attribute component inherits from the Virtual Attribute
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | ↓ filter |
| ↓ enabled | ↓ conflict-behavior |
| ↓ attribute-type | ↓ require-explicit-request-by-name |
| ↓ base-dn | |
| ↓ group-dn | |
| ↓ client-connection-policy | |
| ↓ allow-retrieving-membership |
| Description | A description for this Virtual Attribute |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Virtual Attribute is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. |
| Default Value | None |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. |
| Default Value | The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. |
| Default Value | Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a set of client connection policies for which this Virtual Attribute should be generated. If this is undefined, then this Virtual Attribute will always be generated. If it is associated with one or more client connection policies, then this Virtual Attribute will be generated only for operations requested by clients assigned to one of those client connection policies. |
| Default Value | None |
| Allowed Values | The DN of any Client Connection Policy. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
filter (Advanced Property, Read-Only)
| Description | Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. |
| Default Value | None |
| Allowed Values | Any valid search filter string. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
conflict-behavior (Advanced Property)
| Description | Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. |
| Default Value | virtual-overrides-real |
| Allowed Values | real-overrides-virtual - Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. virtual-overrides-real - Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. merge-real-and-virtual - Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
require-explicit-request-by-name (Advanced Property)
| Description | Indicates whether attributes of this type must be explicitly included by name in the list of requested attributes. Note that this will only apply to virtual attributes which are associated with an attribute type that is operational. It will be ignored for virtual attributes associated with a non-operational attribute type. If this is true and the associated attribute type is operational, then virtual attributes of this type will only be returned in a search result entry if the attribute type was specifically included in the list of requested attributes but will not be returned if the client only requested "+" (to indicate all operational attributes) but did not explicitly mention this attribute. This should generally only be set to "true" for virtual attributes which may be expensive to construct and for which it is known that the attribute will always be explicitly requested by the client when it is needed. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Virtual Attributes:
dsconfig list-virtual-attributes
[--property {propertyName}] ...
To view the configuration for an existing Virtual Attribute:
dsconfig get-virtual-attribute-prop
--name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Virtual Attribute:
dsconfig set-virtual-attribute-prop
--name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Member Virtual Attribute:
dsconfig create-virtual-attribute
--name {name}
--type member
--set enabled:{propertyValue}
--set attribute-type:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Virtual Attribute:
dsconfig delete-virtual-attribute
--name {name}