The DN Mapping Proxy Transformation may be used to rewrite client requests so that references to entries below a specified DN will be mapped so that they appear to be below another DN (e.g., references to entries below o=example.com could be rewritten so that they are below dc=example,dc=com). The mapping will be applied in reverse for responses back to the client.
Please note that any joined entries included with the search result entries will not be altered when performing searches with the join request control (OID 1.3.6.1.4.1.30221.2.5.9).
↓Parent Component
↓Properties
↓dsconfig Usage
The DN Mapping Proxy Transformation component inherits from the Proxy Transformation
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ request-criteria | |
| ↓ source-dn | |
| ↓ target-dn | |
| ↓ enable-attribute-mapping | |
| ↓ map-attribute | |
| ↓ enable-control-mapping | |
| ↓ map-control |
| Description | A description for this Proxy Transformation |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this proxy transformation is enabled for use in the server. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Criteria indicating the set of operations for which the transformation will be invoked. |
| Default Value | This Proxy Transformation will be invoked for all operations. |
| Allowed Values | The DN of any Request Criteria. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the source DN that may appear in client requests which should be remapped to the target DN. Note that the source DN must not be equal to the target DN. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the DN to which the source DN should be mapped. Note that the target DN must not be equal to the source DN. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether DN mapping should be applied to the values of attributes with appropriate syntaxes. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a set of specific attributes for which DN mapping should be applied. This will only be applicable if the enable-attribute-mapping property has a value of "true". Any attributes listed must be defined in the server schema with either the distinguished name syntax or the name and optional UID syntax. |
| Default Value | If no specific map attributes are defined but attribute mapping is enabled, then all attributes with a distinguished name or name and optional UID syntax will be examined to determine if any mapping is required. |
| Allowed Values | The name or OID of an attribute type defined in the server schema. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether DN mapping should be applied to DNs that may be present in specific controls. The set of controls for which DN mapping may be performed is configured in the map-control property. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the set of controls for which DN mapping should be performed. |
| Default Value | assertion-request authorization-identity-response entry-change-notification get-effective-rights-request interactive-transaction-specification-response intermediate-client-request matched-values-request proxied-authorization-v1-request proxied-authorization-v2-request pre-read-response post-read-response |
| Allowed Values | assertion-request - Indicates that DN mapping should be performed on the filter contained in the assertion request control. authorization-identity-response - Indicates that DN mapping should be performed on the authorization ID (for "dn:"-style authzIDs only) in the authorization identity response control. entry-change-notification - Indicates that DN mapping should be performed on the previous DN (for modify DN operations) in the entry change notification control. get-effective-rights-request - Indicates that DN mapping should be performed on the authorization ID (for "dn:"-style authzIDs only) in the get effective rights request control. interactive-transaction-specification-response - Indicates that DN mapping should be performed for the base DNs included in the interactive transaction specification response control. intermediate-client-request - Indicates that DN mapping should be performed for the client identity field (for "dn:"-style authzIDs only) in the intermediate client request control. matched-values-request - Indicates that DN mapping should be performed for appropriate attributes in the filter included in the matched values request control. proxied-authorization-v1-request - Indicates that DN mapping should be performed on the authorization DN in the proxied authorization v1 request control. proxied-authorization-v2-request - Indicates that DN mapping should be performed on the authorization ID (for "dn:"-style authzIDs only) in the proxied authorization v2 request control. post-read-response - Indicates that DN mapping should be performed on the DN and attributes of the entry included in the post-read response control. pre-read-response - Indicates that DN mapping should be performed on the DN and attributes of the entry included in the pre-read response control. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Proxy Transformations:
dsconfig list-proxy-transformations
[--property {propertyName}] ...
To view the configuration for an existing Proxy Transformation:
dsconfig get-proxy-transformation-prop
--transformation-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Proxy Transformation:
dsconfig set-proxy-transformation-prop
--transformation-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new DN Mapping Proxy Transformation:
dsconfig create-proxy-transformation
--transformation-name {name}
--type dn-mapping
--set enabled:{propertyValue}
--set source-dn:{propertyValue}
--set target-dn:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Proxy Transformation:
dsconfig delete-proxy-transformation
--transformation-name {name}