17 Managing Computed Attributes

This chapter describes how to manage computed attributes. It contains the following topics:

• Section 17.1, "Introduction to Computed Attributes"

• Section 17.2, "Configuring Computed Attributes"

17.1 Introduction to Computed Attributes

Oracle Internet Directory server provides the OrclComputedAttribute attribute as a mechanism to dynamically compute a configurable attribute and its value based on one or more rules. Thus, an attribute can be computed when it is actually needed, without requiring that the attribute persist in the directory store. Computed attributes can be useful in the transition from a test to a production deployment.

The OrclComputedAttribute attribute is a configuration attribute in the DSA Configuration entry:

cn=dsaconfig,cn=configsets,cn=oracle internet directory.

OrclComputedAttribute is a multivalued attribute, so multiple attributes and their values can be computed dynamically.

An OrclComputedAttribute value can be derived from the following items, or a combination of these items, which are defined in the rules:

• A standard LDAP URI, as defined in RFC 4516

• A predetermined string

• An attribute value

• A function of an attribute value

Considerations for using OrclComputedAttribute include:

• The computed attribute name must be defined in the schema.

• The computed attribute might have access control policies that prevent the return of its value.

• Computed attributes are derived only for lookup and search operations. If the result entry has a configured computed attribute, then Oracle Internet Directory server skips computation of the attribute.

• Update operations are allowed for removing or replacing an existing value in the entry.

17.2 Configuring Computed Attributes

You can configure OrclComputedAttribute using LDAP tools such as ldapmodify, Oracle Directory Services Manager, or third-party LDAP browsers.

This section describes these topics:

• Section 17.2.1, "Rules and Syntax Used for Computed Attributes"

• Section 17.2.2, "Examples Using Computed Attributes"

17.2.1 Rules and Syntax Used for Computed Attributes

This section describes the syntax used for the rules used to compute the attribute values.

If you can use a combination of these rules to compute a value, see the Special Characters entry in Table 17-1.

The rules use the following syntax:

OrclComputedAttribute;ComputedAttrName;dn;Filter: ldapURI 

OrclComputedAttribute;ComputedAttrName;dn;Filter: "anyString"

OrclComputedAttribute;ComputedAttrName;dn;Filter: AttributeName

OrclComputedAttribute;ComputedAttrName;dn;Filter: Func(attrName)

Table 17-1 describes the elements used in these rules.

Table 17-1 Syntax Elements Used in Rules for Computed Attributes

Element	Description
ComputedAttrName	Name of the attribute that should be returned with the entry. The computed attribute name must be defined in the schema. The attribute is also subject to ACL evaluation after the value is computed.
dn	Distinguished name. The attribute is computed for child entries under this DN.
Filter	Filter value. The attribute is computed for entries that belong to this filter value.
ldapURI	URI that conforms to the syntax described in RFC 4516, as follows: ldap:///baseDN?ReqdAttribute??scope?filter ReqdAttribute is a single attribute name for a required attribute. If there is a space character in the ldapURI configuration, the space must be encoded as %20, as described in RFC 4516.
"anyString"	String to be included. It must be enclosed by double quote characters.
AttributeName	Attribute name that indicates the value of that attribute should be used.
Func(attr)	Name of a function to perform on the value. In Release 11g (11.1.1.7.0), the following functions are available: lower(attrName) upper(attrName) substr(attrName,pos,len) replace(attrName,"str") trunc(attrName, "c")
Special Characters	Special characters that can be used with the rules are: If you specify more than one rule, you must use a space character to separate each rule. To append or concatenate a rule or string, use a plus sign (+). To have the result of the first rule evaluation determine the value, use the OR operator (|). The asterisk (*) is the wildcard character and is allowed only in ldapURI. If this operator appears in the DN part of the URI, then * is derived from the scope of evaluating the entry's DN.

17.2.2 Examples Using Computed Attributes

This section provides the following examples for using computed attributes:

• Section 17.2.2.1, "Returning an Attribute Value as Uppercase"

• Section 17.2.2.2, "Returning the Substring of an Attribute Value"

• Section 17.2.2.3, "Replacing an Attribute Value"

• Section 17.2.2.4, "Specifying a URI-Based Configuration"

• Section 17.2.2.5, "Using a Combination of Different Rules"

• Section 17.2.2.6, "Using an OR (|) Operator"

17.2.2.1 Returning an Attribute Value as Uppercase

This example computes the cn attribute as uppercase and returns the attribute as upperattr:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;upperattr;dc=acme,dc=com;objectclass=person
orclcomputedattribute;upperattr;ou=EuroSInet Suite,o=IMC,c=US;objectclass=person: upper(cn)

The schema definition for upperattr must be defined.

17.2.2.2 Returning the Substring of an Attribute Value

This example computes the substring of the attribute value and returns the attribute substrattr with the value as description value from position 1 for the next 3 characters:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;substrattr;dc=acme,dc=com;objectclass=person
orclcomputedattribute;substrattr;dc=acme,dc=com;objectclass=person: substr(description, 1,3)

17.2.2.3 Replacing an Attribute Value

This example computes and replaces the attribute value for newTitle:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;newTitle;cn=john doe,dc=acme,dc=com;objectclass=person
orclcomputedattribute;newTitle;ou=EuroSInet Suite,o=IMC,c=US;objectclass=person:  replace(title, "Clerk", "Manager")

17.2.2.4 Specifying a URI-Based Configuration

This example adds commonTelephoneNumber to every entry under dc=acme,dc=com:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;commonTelephoneNumber;dc=acme,dc=com;objectclass=person
orclcomputedattribute;commonTelephoneNumber;dc=acme,dc=com,c=US;objectclass=person: "Common PhoneNumber is " +  
ldap:///cn=common%20attributes,dc=com?telephonenumber??base?objectclass=*

17.2.2.5 Using a Combination of Different Rules

Concatenate different rules using a + (plus sign) with the rules separated by a space character:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;combinationAttribute;ou=EuroSInet Suite,o=IMC,c=US;objectclass=person
orclcomputedattribute;combinationAttribute;dc=acme,dc=com;objectclass=person: "telephone number from common entry:" +  ldap:///cn=common Entry,?telephonenumber??base?objectclass=* + 
" appending replace of title attr with clerk/manager " + 
replace(title, "Clerk", "Manager")

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;combinationAttr2;dc=acme,dc=com;objectclass=person
orclcomputedattribute;combinationAttr2;dc=acme,dc=com;objectclass=person: "Telephone number  from common entry " +  
ldap:///cn=commonEntry,dc=acme,dc=com?telephonenumber??base?objectclass=* + 
" appending truncate of description for space char " + trunc(description, " ")

17.2.2.6 Using an OR (|) Operator

Add the contactNumber attribute as telephoneNumber if the entry has the telephoneNumber attribute; otherwise, copy the value 6505067000:

dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
add: orclcomputedattribute;contactNumber;cn=employees,dc=acme,dc=com;
   (objectclass=person)
orclcomputedattribute;contactNumber;cn=employees,dc=acme,dc=com;
   (objectclass=person): telephonenumber | 6505067000

Note:

For the OR operator (|), the computed attribute definition supports the following syntax:

definition-1 | definition-2 | ... definition-n

where:

• definition-1 can be a complex rule.

• definition-2 through definition-n must be a simple rule only, such as a hard-coded string or an attribute value. These definitions cannot be function expressions or a combination of expression rules.

For example, for the following rule, if the uid is not present for an entry, the result will be a computed value "cn=", regardless of the number of occurences of the attribute cn in the entry:

orclcomputedattr;myattr;cn=employees;(objectclass=inetorgperson): "uid=" + uid | "cn=" + cn