Configuring virtual attributes in PingDirectory
To enable direct application access to a subset of groups in PingDirectory, configure conditional virtual attributes. This use case configures a virtual attribute based on a custom group class.
Before you begin
You must have:
- A PingDirectory administrator account
- Access to the PingData administrative console
- A custom group class in place based on the default groupOfNames
Declaring a new attribute that is equivalent to isMemberOf
You can declare a new attribute that is equivalent to isMemberOf using one of two methods. Click the tab of the method you want to use to see instructions.
- Admin console
- LDIF file
Declaring a new attribute in the PingData administrative console
Use the PingData administrative console to declare a new attribute in PingDirectory.
Steps
- From the PingData administrative console, go to LDAP Schema → Attribute Types.
- Optional: In the Attribute Types list, search for isMemberOf to filter.
- In the isMemberOf row, from the Actions list, select Copy As.
- In the Basic Properties section, complete the fields for a new attribute type:
  - In the Name field, enter a name for the new attribute type.
  - In the Description field, enter a description for the new attribute type.
  - In the Stored in File field, enter a unique filename for the new attribute type.
  - In the Syntax field, keep the default settings. The Multivalued checkbox should remain selected.
- Click Save.
- Restart PingDirectory.
Using an LDIF file to declare a new attribute type in PingDirectory
Use an LDIF file to declare a new attribute type in PingDirectory.
Steps
- Create an LDIF file that contains the following information.
  Provide your own information in the angled brackets based on your configuration.
  Example:

    dn: cn=schema
    attributeTypes: ( <isMemberOfSupport>-OID NAME '<isMemberOfSupport>' DESC '<custom attribute>' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Sun Java System Directory Server' X-SCHEMA-FILE '<Your file name>.ldif' )

- Copy the file into <pingdirectory>/config/schema.
- Restart PingDirectory.
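A pre-flight check for the LDIF schema file before it is copied into config/schema, as an added example that is not part of the PingDirectory documentation or tooling. The function names, the sample attribute name appGroupMemberOf and the file name 98-app-groups.ldif are constructed for illustration, and the checks cover only the fields shown in the template above.

```python
import re

DN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.12"  # SYNTAX value from the page's LDIF

def quoted(definition, keyword):
    """Return the '...' value after keyword, or None if spacing/quoting is wrong."""
    m = re.search(rf"(?<!\S){keyword} +'([^']*)'(?=[\s)])", definition)
    return m.group(1) if m else None

def check_schema_ldif(text, filename):
    """Return a list of problems in a schema LDIF that declares one attribute type."""
    problems = []
    if re.search("[\u2018\u2019\u201c\u201d]", text):
        problems.append("typographic quote found; use ASCII '")
    if re.search(r"<[^<>\n]*>", text):
        problems.append("unfilled <placeholder> left in file")
    # Unfold LDIF continuation lines (a newline followed by one space).
    lines = text.replace("\r\n", "\n").replace("\n ", "").split("\n")
    if lines[0].strip().lower() != "dn: cn=schema":
        problems.append("first line must be 'dn: cn=schema'")
    defs = [l.split(":", 1)[1].strip() for l in lines
            if l.lower().startswith("attributetypes:")]
    if len(defs) != 1:
        return problems + ["expected exactly one attributeTypes value"]
    d = defs[0]
    if not (d.startswith("(") and d.endswith(")")):
        problems.append("definition must be enclosed in ( )")
    for kw in ("NAME", "DESC", "X-SCHEMA-FILE"):
        if quoted(d, kw) is None:
            problems.append(f"{kw} needs a space and an ASCII-quoted value")
    if quoted(d, "X-SCHEMA-FILE") not in (None, filename):
        problems.append("X-SCHEMA-FILE does not match the file name")
    if not re.search(rf"(?<!\S)SYNTAX +{re.escape(DN_SYNTAX)}(?!\S)", d):
        problems.append("SYNTAX is not the DN syntax from the page's example")
    for flag in ("NO-USER-MODIFICATION", "USAGE directoryOperation"):
        if not re.search(rf"(?<!\S){flag}(?!\S)", d):
            problems.append(f"missing {flag}")
    return problems

# Constructed samples: GOOD fills the page's template with made-up values,
# BAD reproduces three common copy-paste mistakes.
GOOD = ("dn: cn=schema\n"
        "attributeTypes: ( appGroupMemberOf-OID NAME 'appGroupMemberOf' "
        "DESC 'isMemberOf limited to application groups' "
        f"SYNTAX {DN_SYNTAX} NO-USER-MODIFICATION USAGE directoryOperation "
        "X-ORIGIN 'Sun Java System Directory Server' "
        "X-SCHEMA-FILE '98-app-groups.ldif' )\n")
BAD = GOOD.replace("DESC '", "DESC'").replace("'98-", "\u201898-").replace(
    "appGroupMemberOf-OID", "<isMemberOfSupport>-OID")
```

Call check_schema_ldif with the file contents and the file name you intend to copy; an empty list means the template fields passed these checks.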
Creating a virtual attribute
You can create a virtual attribute using one of two methods. Click the tab of the method you want to use to see instructions.
- Admin console
- Command line
Creating a virtual attribute in the PingData administrative console
Use the PingData administrative console to create a virtual attribute in PingDirectory.
Steps
- From the PingData administrative console, go to Configuration.
- From the Core list, select Virtual Attributes.
- In the isMemberOf row, from the Actions list, select Copy.
- Complete the required fields for New Is Member Of Virtual Attribute:
  - In the Name field, enter a name.
  - In the Description field, enter a description.
  - Select the Enabled checkbox.
  - In the Attribute Type field, enter the attribute type you created in step 4 of the admin console tab for Declaring a new attribute that is equivalent to isMemberOf.
  - In the Included Group Filter, enter (objectClass=<your custom class name>).
  - Keep the default settings for all other fields and selections.
- Click Save.
This new attribute is an operational attribute, so it is returned only when it is requested. Ensure you explicitly request the attribute when you query the directory.
Result
Your new attribute is ready for testing.
Using the command line to create a virtual attribute in PingDirectory
Run commands from your computer's command line to create a virtual attribute in PingDirectory.
Steps
- In your computer’s command line, enter the following commands with your information.
  Provide your own information in the angled brackets based on your configuration.

    dsconfig create-virtual-attribute --name <isMemberOfSupport> \
      --type is-member-of \
      --set enabled:true \
      --set attribute-type:<isMemberOfSupport> \
      --set "included-group-filter:(objectClass=<groupSupport>)"