Is Member Of Virtual Attribute
The Is Member Of Virtual Attribute generates the isMemberOf operational attribute, which contains the DNs of the groups in which the user is a member.
Parent
The Is Member Of Virtual Attribute object inherits from Virtual Attribute.
Is Member Of Virtual Attribute Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
Basic Properties | Advanced Properties | ||||||||
---|---|---|---|---|---|---|---|---|---|
|
|
Basic Properties
attribute-type
Synopsis | Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. |
Default Value | isMemberOf |
Allowed Values | The name of an attribute type defined in the LDAP schema. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
base-dn
Synopsis | Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. |
Description | If no values are given, then the server generates virtual attributes anywhere in the server. |
Default Value | The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
Allowed Values | A valid DN. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
enabled
Synopsis | Indicates whether the Virtual Attribute is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
filter
Synopsis | Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. |
Description | If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. |
Default Value | (objectClass=*) |
Allowed Values | Any valid search filter string. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
group-dn
Synopsis | Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. |
Description | If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. |
Default Value | Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
Allowed Values | A valid DN. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
scope
Synopsis | Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. |
Default Value | whole-subtree |
Allowed Values | base-object: Search the base object only. single-level: Search the immediate children of the base object but do not include any of their descendants or the base object itself. subordinate-subtree: Search the entire subtree below the base object but do not include the base object itself. whole-subtree: Search the base object and the entire subtree below the base object. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Advanced Properties
Use the --advanced
option to access advanced properties.
conflict-behavior
Synopsis | Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. |
Default Value | virtual-overrides-real |
Allowed Values | merge-real-and-virtual: Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. real-overrides-virtual: Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. virtual-overrides-real: Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | Yes |
Read-Only | No |
java-class
Synopsis | Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. |
Default Value | org.opends.server.extensions.IsMemberOfVirtualAttributeProvider |
Allowed Values | A Java class that extends or implements:
|
Multi-valued | No |
Required | Yes |
Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
Advanced | Yes |
Read-Only | No |