File: authproc_attributevaluemap.md

package info (click to toggle)
simplesamlphp 1.19.7-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 42,920 kB
  • sloc: php: 202,044; javascript: 14,867; xml: 2,700; sh: 225; perl: 82; makefile: 70; python: 5
file content (84 lines) | stat: -rw-r--r-- 3,346 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
`core:AttributeValueMap`
===================

Filter that creates a target attribute based on one or more value(s) in source attribute.

Besides the mapping of source values to target values, the filter has the following options:
* `%replace` can be used to replace all existing values in target with new ones (any existing values will be lost)
* `%keep` can be used to keep the source attribute, otherwise it will be removed.

Examples
--------

### Add student affiliation based on LDAP groupmembership
Will add eduPersonAffiliation containing value "`student`" if the `memberOf` attribute contains
either '`cn=student,o=some,o=organization,dc=org`' or '`cn=student,o=other,o=organization,dc=org`'.
The '`memberOf`' attribute will be removed (use `%keep`, to keep it) and existing values in
'`eduPersonAffiliation`' will be merged (use `%replace` to replace them).

    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeValueMap',
            'sourceattribute' => 'memberOf',
            'targetattribute' => 'eduPersonAffiliation',
            'values' => array(
                'student' => array(
                    'cn=student,o=some,o=organization,dc=org',
                    'cn=student,o=other,o=organization,dc=org',
                ),
            ),
        ),
    )

### Multiple assignments
Add `student`, `employee` and `both` affiliation based on LDAP groupmembership in the `memberOf` attribute.

    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeValueMap',
            'sourceattribute' => 'memberOf',
            'targetattribute' => 'eduPersonAffiliation',
            'values' => array(
                'student' => array(
                    'cn=student,o=some,o=organization,dc=org',
                    'cn=student,o=other,o=organization,dc=org',
                ),
                'employee' => array(
                    'cn=employees,o=some,o=organization,dc=org',
                    'cn=employee,o=other,o=organization,dc=org',
                    'cn=workers,o=any,o=organization,dc=org',
                ),
                'both' => array(
                    'cn=student,o=some,o=organization,dc=org',
                    'cn=student,o=other,o=organization,dc=org',
                    'cn=employees,o=some,o=organization,dc=org',
                    'cn=employee,o=other,o=organization,dc=org',
                    'cn=workers,o=any,o=organization,dc=org',
                ),
            ),
        ),
    )

### Replace and Keep
Replace any existing '`affiliation`' attribute values and keep the '`groups`' attribute.
    
    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeValueMap',
            'sourceattribute' => 'groups',
            'targetattribute' => 'affiliation',
            '%replace',
            '%keep',
            'values' => array(
                'student' => array(
                    'cn=student,o=some,o=organization,dc=org',
                    'cn=student,o=other,o=organization,dc=org',
                ),
                'employee' => array(
                    'cn=employees,o=some,o=organization,dc=org',
                    'cn=employee,o=other,o=organization,dc=org',
                    'cn=workers,o=any,o=organization,dc=org',
                ),
            ),
        ),
    )