Directory Services 7.4.3

Regular Expression Identity Mapper

The Regular Expression Identity Mapper provides a way to use a regular expression to translate the provided identifier when searching for the appropriate user entry.

This may be used, for example, if the provided identifier is expected to be an e-mail address or Kerberos principal, but only the username portion (the part before the "@" symbol) should be used in the mapping process. Note that a replacement will be made only if all or part of the provided ID string matches the given match pattern. If no part of the ID string matches the provided pattern, the given ID string is used without any alteration.

Parent

The Regular Expression Identity Mapper object inherits from Identity Mapper.

Regular Expression Identity Mapper properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
match-attribute
match-base-dn
match-pattern
replace-pattern

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Identity Mapper is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

match-attribute

Synopsis

Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression.

Description

All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry.

Default value

uid

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

match-base-dn

Synopsis

Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs.

Default value

The server searches below all public naming contexts local to the server.

Allowed values

A valid DN.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

match-pattern

Synopsis

Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced.

Description

Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups.

Default value

None

Allowed values

Any valid regular expression pattern which is supported by the java.util.regex.Pattern class (see https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/regex/Pattern.html for documentation about this class for Java 11).

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

replace-pattern

Synopsis

Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern.

Description

If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used.

Default value

The replace pattern will be the empty string.

Allowed values

Any valid replacement string that is allowed by the java.util.regex.Matcher class.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation.

Default value

org.opends.server.extensions.RegularExpressionIdentityMapper

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.IdentityMapper

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.