Directory Services 7.4.3

User Template Virtual Attribute

The User Template Virtual Attribute generates attribute values using a customizable template whose expressions are replaced by values from referenced attributes in the target entry.

Virtual attributes based on templates build their values from other attribute values present in the target entry. Some examples of valid templates and of the final attribute value are: With no placeholders: "No placeholders in template!" With placeholders pointing to other entry attributes: "{uid}@{domain}" : "bjensen@example.com" With expression defining default value: "{uid}@{domain|domain.com}" (if domain="example.com") "bjensen@example.com" (if no domain attribute) "bjensen@domain.com" With reference pointing to a multi-valued attribute : "This is {cn}" cn = 1 : "This is 1" cn = 2 : "This is 2" cn = 3 : "This is 3" With escaping brace: "This is \{uid}" : "This is {uid}" "This is \{uid\}" : "This is {uid\}" Note: the user template virtual attributes cannot be specified as a filter components (not searchable)

Parent

The User Template Virtual Attribute object inherits from Virtual Attribute.

User Template Virtual Attribute properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

attribute-type
base-dn
conflict-behavior
enabled
filter
group-dn
scope
template

java-class

Basic properties

Use the --advanced option to access advanced properties.

attribute-type

Synopsis

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default value

None

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

base-dn

Synopsis

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute.

Description

If no values are given, then the server generates virtual attributes anywhere in the server.

Default value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed values

A valid DN.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

conflict-behavior

Synopsis

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default value

real-overrides-virtual

Allowed values

  • merge-real-and-virtual: Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

  • real-overrides-virtual: Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

  • virtual-overrides-real: Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the Virtual Attribute is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

filter

Synopsis

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries.

Description

If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default value

(objectClass=*)

Allowed values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

group-dn

Synopsis

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute.

Description

If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed values

A valid DN.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

scope

Synopsis

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default value

whole-subtree

Allowed values

  • base-object: Search the base object only.

  • single-level: Search the immediate children of the base object but do not include any of their descendants or the base object itself.

  • subordinate-subtree: Search the entire subtree below the base object but do not include the base object itself.

  • whole-subtree: Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

template

Synopsis

Specifies the template that is used to generate a value(s) to be included in the virtual attribute. A string possibly containing reference attribute names surrounded by { and } whose values are to be used for building the virtual attribute. Ex: '{uid}' Default values for missing references can be specified by separating with '|' the reference attribute name and the default value. Ex: '{domain|example.com}' When '{' have to appear in the final value, they can be escaped with '\'.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default value

org.opends.server.extensions.UserTemplateVirtualAttributeProvider

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.