Ping Identity Directory Proxy Server - Attribute Mapping Proxy Transformation

Directory Proxy Server Documentation Index
Configuration Reference Home

Attribute Mapping Proxy Transformation

The Attribute Mapping Proxy Transformation may be used to rewrite client requests so that references to one attribute type may be replaced with an alternate attribute type (e.g., "userid" in client requests could be replaced with "uid" before forwarding on to a backend server). The mapping will be applied in reverse for responses back to the client.

Please note that any joined entries included with the search result entries will not be altered when performing searches with the join request control (OID 1.3.6.1.4.1.30221.2.5.9).

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Attribute Mapping Proxy Transformation component inherits from the Proxy Transformation

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ request-criteria
↓ source-attribute
↓ target-attribute
↓ enable-dn-mapping
↓ enable-control-mapping
↓ map-control

Basic Properties

description

Description	A description for this Proxy Transformation
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this proxy transformation is enabled for use in the server.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

request-criteria

Description	Criteria indicating the set of operations for which the transformation will be invoked.
Default Value	This Proxy Transformation will be invoked for all operations.
Allowed Values	The DN of any Request Criteria.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

source-attribute

Description	Specifies the name of the attribute that may appear in client requests which should be remapped to the target attribute. Note that the source attribute must not be equal to the target attribute.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

target-attribute

Description	Specifies the name of the attribute to which the source attribute should be mapped. Note that the target attribute must not be equal to the source attribute.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

enable-dn-mapping

Description	Indicates whether attribute mapping should be applied to attribute names that may be present inside of DNs. If this is enabled, then attribute mapping may also be performed for DNs used inside of supported controls and attribute values with an appropriate syntax.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

enable-control-mapping

Description	Indicates whether attribute mapping should be applied to attribute names that may be present in specific controls. The set of controls for which attribute mapping may be performed is configured in the map-control property.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

map-control

Description	Specifies the set of controls for which attribute mapping should be performed.
Default Value	assertion-request authorization-identity-response entry-change-notification get-authorization-entry-request get-authorization-entry-response interactive-transaction-specification-response intermediate-client-request matched-values-request post-read-request post-read-response pre-read-request pre-read-response proxied-authorization-v1-request proxied-authorization-v2-request sort-request sort-response
Allowed Values	assertion-request - Indicates that attribute mapping should be performed on the filter contained in the assertion request control. authorization-identity-response - Indicates that attribute mapping should be performed on the authorization ID (for "dn:"-style authzIDs only) in the authorization identity response control. entry-change-notification - Indicates that attribute mapping should be performed on the new DN included in entry change notification control. get-authorization-entry-request - Indicates that attribute mapping should be performed on the requested attributes contained in the get authorization entry request control. get-authorization-entry-response - Indicates that attribute mapping should be performed on the entries contained in the get authorization entry response control. interactive-transaction-specification-response - Indicates that attribute mapping should be performed for the base DNs included in the interactive transaction specification response control. intermediate-client-request - Indicates that attribute mapping should be performed for the client identity field (for "dn:"-style authzIDs only) in the intermediate client request control. matched-values-request - Indicates that attribute mapping should be performed on the filter contained in the matched values request control. post-read-request - Indicates that attribute mapping should be performed on the requested attributes in the post-read request control. post-read-response - Indicates that attribute mapping should be performed on the entry returned in the post-read response control. pre-read-request - Indicates that attribute mapping should be performed on the requested attributes in the pre-read request control. pre-read-response - Indicates that attribute mapping should be performed on the entry returned in the pre-read response control. proxied-authorization-v1-request - Indicates that DN mapping should be performed on the authorization DN in the proxied authorization v1 request control. proxied-authorization-v2-request - Indicates that attribute mapping should be performed on the authorization ID (for "dn:"-style authzIDs only) in the proxied authorization v2 request control. sort-request - Indicates that attribute mapping should be performed on the sort keys of the server-side sort request control. sort-response - Indicates that attribute mapping should be performed on the attribute name included in the server-side sort response control.
Multi-Valued	Yes
Required	Yes
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Proxy Transformations:

dsconfig list-proxy-transformations
     [--property {propertyName}] ...

To view the configuration for an existing Proxy Transformation:

dsconfig get-proxy-transformation-prop
     --transformation-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Proxy Transformation:

dsconfig set-proxy-transformation-prop
     --transformation-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Attribute Mapping Proxy Transformation:

dsconfig create-proxy-transformation
     --transformation-name {name}
     --type attribute-mapping
     --set enabled:{propertyValue}
     --set source-attribute:{propertyValue}
     --set target-attribute:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Proxy Transformation:

dsconfig delete-proxy-transformation
     --transformation-name {name}