Comment: Add missing dependencies to DataConnector examples

...

The following example defines the attributes krb_principalname and krb_domain krbPrincipalname and krbDomain that are used in the user directory lookup filter template:

Code Block
languagexml
titleExtract the username and realm from the Kerberos Principal name (V3.4)
collapsetrue
    <!-- The principal name resulting from the authentication. -->
    <AttributeDefinition id="principalName"
                     xsi                         xsi:type="PrincipalName"
                     dependencyOnly
                         dependencyOnly="true">
    </AttributeDefinition>
  
    <!-- Extract the simple username from the Kerberos Principal name. -->
    <AttributeDefinition id="krb_principalnamekrbPrincipalname"
                     xsi:type="Mapped"                      dependencyOnly="true">     <InputAttributeDefinition ref="principalName" />
 
    <DefaultValue passThru="true"/>
    <ValueMap>
        <ReturnValue>$1</ReturnValue>
        <SourceValue>                       xsi:type="Mapped"
                         dependencyOnly="true">
        <InputAttributeDefinition ref="principalName" />
 
        <DefaultValue passThru="true"/>
        <ValueMap>
            <ReturnValue>$1</ReturnValue>
            <SourceValue>(.+)@EXAMPLE.ORG</SourceValue>
    <        </ValueMap>
    </AttributeDefinition>
  
    <!-- Map the Kerberos realm to a domain name. -->
    <AttributeDefinition id="krb_domain"
                     xsi:type="Mapped"
                     dependencyOnly="krbDomain"
                         xsi:type="Mapped"
                         dependencyOnly="true">
    <InputAttributeDefinition
        <InputAttributeDefinition ref="principalName" />
 
    <DefaultValue

        <DefaultValue passThru="true"/>
    <ValueMap>
        <ReturnValue>domain
        <ValueMap>
            <ReturnValue>domain_a.com</ReturnValue>
        <SourceValue>
            <SourceValue>(.+)@DOMAIN_A.COM</SourceValue>
    </ValueMap>
    <ValueMap>
        <ReturnValue>domain        </ValueMap>
        <ValueMap>
            <ReturnValue>domain_b.com</ReturnValue>
        <SourceValue>
            <SourceValue>(.+)@DOMAIN_B.COM</SourceValue>
    <        </ValueMap>
    </AttributeDefinition>
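Review bot: The `SourceValue` patterns in the krbPrincipalname and krbDomain definitions leave the dots unescaped and use a greedy `(.+)`, while `DefaultValue passThru="true"` passes any principal that matches no pattern through unchanged. Assuming SourceValue is evaluated as a regular expression (the `$1` return value suggests it is), `(.+)@EXAMPLE.ORG` also accepts a realm such as `EXAMPLEXORG`. A principal from an unlisted realm would then become the value of both attributes that feed the directory lookup filter. I would tighten the patterns to `([^@]+)@EXAMPLE\.ORG`, `([^@]+)@DOMAIN_A\.COM` and `([^@]+)@DOMAIN_B\.COM`, and add a comment above DefaultValue such as `<!-- Unmapped realms are passed through unchanged; confirm this is intended where cross-realm trust exists. -->`. The V3.3 listing that follows has the same patterns.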
Code Block
languagexml
titleExtract the username and realm from the Kerberos Principal name (V3.3)
collapsetrue
    <!-- The principal name resulting from the authentication. -->
    <resolver:AttributeDefinition id="principalName"
                                  xsi:type="ad:PrincipalName"
                                  dependencyOnly="true">
    </resolver:AttributeDefinition>
 
    <!-- Extract the simple username from the Kerberos Principal name. -->
    <resolver:AttributeDefinition id="krb_principalnamekrbPrincipalname"
                                  xsi:type="ad:Mapped"
                                  sourceAttributeID="principalName"
                                  dependencyOnly="true">
        <resolver:Dependency ref="principalName" />

        <ad:DefaultValue passThru="true"/>
        <ad:ValueMap>
            <ad:ReturnValue>$1</ad:ReturnValue>
            <ad:SourceValue>(.+)@EXAMPLE.ORG</ad:SourceValue>
        </ad:ValueMap>
    </resolver:AttributeDefinition>

    <!-- Map the Kerberos realm to a domain name. -->
    <resolver:AttributeDefinition id="krb_domainkrbDomain"
                                  xsi:type="ad:Mapped"
                                  sourceAttributeID="principalName"
                                  dependencyOnly="true">
        <resolver:Dependency ref="principalName" />

        <ad:DefaultValue passThru="true"/>
        <ad:ValueMap>
            <ad:ReturnValue>domain_a.com</ad:ReturnValue>
            <ad:SourceValue>(.+)@DOMAIN_A.COM</ad:SourceValue>
        </ad:ValueMap>
        <ad:ValueMap>
            <ad:ReturnValue>domain_b.com</ad:ReturnValue>
            <ad:SourceValue>(.+)@DOMAIN_B.COM</ad:SourceValue>
        </ad:ValueMap>
    </resolver:AttributeDefinition>

...

Code Block
languagexml
titleExample LDAP data connector (V3.4)
collapsetrue
    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
    ...>
     
    <FilterTemplate>
        <"
        ...>

        <InputAttributeDefinition ref="krbPrincipalname" />
        <InputAttributeDefinition ref="krbDomain" />
        <FilterTemplate>
            <![CDATA[
            
                (&(|(sAMAccountName=$resolutionContext.principal)(mail=$resolutionContext.principal)(&(sAMAccountName=${krb_principalname$krbPrincipalname.get(0)})(msSFU30NisDomain=${krb_domain$krbDomain.get(0)})))(objectClass=user))
        
            ]]>
    <
        </FilterTemplate>
 
            ...
    </DataConnector>
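Review bot: The filter is an OR of three alternatives (sAMAccountName, mail, and the Kerberos-derived sAMAccountName/msSFU30NisDomain pair), so a single login can match more than one directory entry, for instance when one account's mail value equals another account's sAMAccountName. The example should state how that case is handled, with a comment above FilterTemplate such as `<!-- The search must resolve to exactly one entry; set multipleResultsIsError="true" on the connector. -->`. The connector's other attributes are elided with `...`, so this may already be set outside what is shown. The same point applies to the V3.3 connector below.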
Code Block
languagexml
titleExample LDAP data connector (V3.3)
collapsetrue
    <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
        ...>

        <resolver:Dependency ref="krbPrincipalname" />
        <resolver:Dependency ref="krbDomain" />
        <dc:FilterTemplate>
            <![CDATA[
                (&(|(sAMAccountName=$resolutionContext.principal)(mail=$resolutionContext.principal)(&(sAMAccountName=$krb_principalname$krbPrincipalname.get(0))(msSFU30NisDomain=$krb_domain$krbDomain.get(0))))(objectClass=user))
            ]]>
        </dc:FilterTemplate>

        ...
    </resolver:DataConnector>

...