<?xml version="1.0" encoding="utf-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
! add the following below this CDDL HEADER, with the fields enclosed
|
! by brackets "[]" replaced with your own identifying information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2008 Sun Microsystems, Inc.
|
! Portions Copyright 2011 ForgeRock AS
|
! -->
|
<adm:managed-object name="exact-match-identity-mapper"
|
plural-name="exact-match-identity-mappers"
|
package="org.opends.server.admin.std" extends="identity-mapper"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name />
|
maps an identifier string to user entries by searching for the entry
|
containing a specified attribute whose value is the provided
|
identifier. For example, the username provided by the client for DIGEST-MD5
|
authentication must match the value of the uid attribute
|
</adm:synopsis>
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-exact-match-identity-mapper</ldap:name>
|
<ldap:superior>ds-cfg-identity-mapper</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property-override name="java-class" advanced="true">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
org.opends.server.extensions.ExactMatchIdentityMapper
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property name="match-attribute" mandatory="true"
|
multi-valued="true">
|
<adm:synopsis>
|
Specifies the attribute whose value should exactly match the ID
|
string provided to this identity mapper.
|
</adm:synopsis>
|
<adm:description>
|
At least one value must be provided. All values must refer to the
|
name or OID of an attribute type defined in the directory server
|
schema. If multiple attributes or OIDs are provided, at least one of
|
those attributes must contain the provided ID string value in exactly
|
one entry. The internal search performed includes a logical OR across
|
all of these values.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
uid
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:attribute-type />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-match-attribute</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="match-base-dn" mandatory="false" multi-valued="true">
|
<adm:synopsis>
|
Specifies the set of base DNs below which to search for users.
|
</adm:synopsis>
|
<adm:description>
|
The base DNs will be used when performing searches to map the
|
provided ID string to a user entry. If multiple values are given, searches
|
are performed below all specified base DNs.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
The server searches below all public naming contexts.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:dn />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-match-base-dn</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
