This section instructs the Enterprise Gateway to search the LDAP tree according to
certain conditions in order to locate a specific user profile. Once the
appropriate profile has been retrieved, the Enterprise Gateway will extract the
specified user attributes from it.
Base Criteria:
The value entered specifies where the Enterprise Gateway should begin searching
the LDAP directory. You can enter a property representing the value of a
message attribute in this field. The two most likely message attributes to
use are the authenticated client's ID and DistinguishedName. The corresponding
property values are supplied by default:
- ${authentication.subject.id}
- ${authentication.subject.dname}
Search Filter:
This is the name given by the particular LDAP directory to the
User class. This will depend on the type of LDAP
directory that is configured. You can also use properties to represent
the value of a message attribute. For example, the user.role
attribute can be used to store the user class. The syntax for using the
property representing this attribute is as follows:
- (objectclass=${user.role})
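The following is an added example, not code from this guide or from the
Enterprise Gateway. It shows how a message attribute substituted into the filter
above can change the filter's structure unless the value is escaped according to
RFC 4515. The page does not say whether the Enterprise Gateway escapes substituted
values, so the helper names and sample values here are hypothetical and constructed.

```python
import re

# RFC 4515 section 3: characters that must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_SELECTOR = re.compile(r"\$\{([^}]+)\}")
# One "(attr=value)" item whose value holds no raw metacharacters.
_SIMPLE_ITEM = re.compile(
    r"\(([A-Za-z][A-Za-z0-9;.-]*)=((?:[^\\*()\x00]|\\[0-9A-Fa-f]{2})*)\)")


def escape_filter_value(value):
    """Escape one value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, attributes, escape=True):
    """Replace each ${name} selector in template with a message attribute.

    Hypothetical helper: models property substitution, not the Gateway's code.
    A selector with no matching attribute raises KeyError (fail closed).
    """
    def substitute(match):
        value = str(attributes[match.group(1)])
        return escape_filter_value(value) if escape else value
    return _SELECTOR.sub(substitute, template)


def is_simple_item(ldap_filter):
    """True if the expanded filter is still a single equality item."""
    return _SIMPLE_ITEM.fullmatch(ldap_filter) is not None


TEMPLATE = "(objectclass=${user.role})"  # filter shown in the text above
# Constructed sample values for the user.role message attribute.
SAMPLES = ["inetOrgPerson", "*", "person)(cn=admin"]

if __name__ == "__main__":
    for role in SAMPLES:
        raw = expand_filter(TEMPLATE, {"user.role": role}, escape=False)
        safe = expand_filter(TEMPLATE, {"user.role": role})
        print(f"{role!r}: raw={raw} simple={is_simple_item(raw)} "
              f"escaped={safe} simple={is_simple_item(safe)}")
```

A check like is_simple_item is useful when reviewing a policy: if the attribute
feeding the filter can be influenced by the client, confirm that the expanded
filter still has the shape of the configured template.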
Search Scope:
If the Enterprise Gateway retrieves a user profile node from the LDAP tree, the
option selected here determines the depth to which the Enterprise Gateway
searches from that node. The options available are:
- Object level
- One level
- Sub-tree
Select the Unique Result checkbox to force the Enterprise Gateway
to retrieve a unique user profile from the LDAP directory. This is useful
in cases where the LDAP search has returned several profiles.
The Attribute Name table lists the attributes that the
Enterprise Gateway will retrieve from the user profile. If no attributes are
explicitly listed here, the Enterprise Gateway will extract all user attributes.
In both cases, the retrieved attributes will be set to the
attribute.lookup.list message attribute.
Click the Add button to add the name of an attribute to extract from the
returned user profile. Simply enter the name of the attribute to extract from
the profile in the Attribute Name field of the Attribute Lookup dialog.
Important Note:
It is important to note the following:
- If the search returns results for more than one user and the
  Unique Result option is enabled, an error will be
  generated. If this option is not enabled, all attributes will be
  merged.
- If an attribute is configured that does not exist in the repository,
  no error will be generated.
- If no attributes are configured, all attributes present for the user
  will be retrieved.