Details
-
New Feature
-
Resolution: Fixed
-
Minor
-
None
-
None
Description
Attributes derived from the Shibboleth Attribute Resolver may be provisioned using ldappc.
The location of the files needed by the Attribute Resolver is determined by the -r <path> command line option. The files required are ldappc-internal.xml, ldappc-services.xml, and ldappc-resolver.xml, which are similar to the files used by the Shibboleth IDP.
Example configuration for ldappc :
<resolver-attribute-mapping ldap-object-class="group">
<resolver-attribute-map resolver-attribute="sAMAccountName" ldap-attribute="sAMAccountName" />
</resolver-attribute-mapping>
Example configuration for the Attribute Resolver :
<resolver:DataConnector id="groupDataConnector" xsi:type="grouper:GroupDataConnector" />
<resolver:AttributeDefinition xsi:type="Script" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="sAMAccountName" sourceAttributeID="name">
<resolver:Dependency ref="groupDataConnector" />
<Script><![CDATA[
// Import Shibboleth attribute provider
importPackage(Packages.edu.internet2.middleware.shibboleth.common.attribute.provider);
sAMAccountName = new BasicAttribute("sAMAccountName");
sAMAccountName.getValues().add(name.getValues().get(0).replaceAll(":","_"));
]]></Script>
</resolver:AttributeDefinition>