1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
`core:AttributeAlter`
==========
This filter can be used to substitute and replace different parts of the attribute values based on regular expressions.
It can also be used to create new attributes based on existing values, or even to remove blacklisted values from
attributes.
Parameters
----------
`class`
: This is the name of the filter.
It must be `'core:AttributeAlter'`.
`subject`
: The attribute in which the search is performed.
This parameter is REQUIRED and the filter will throw an exception if it is not set. The filter will
stop quietly if the attribute specified here is empty or not found.
`pattern`
: The pattern to look for inside the subject. Supports full Perl Compatible Regular Expressions (PCRE).
This parameter is REQUIRED and the filter will throw an exception if it is not set.
`replacement`
: The value used to replace the match. Back references are not supported.
This parameter is REQUIRED, except when using the `%replace` or `%remove` options. If `%replace` is used and
`replacement` is not set, then the match is used as a replacement.
`target`
: The attribute where the replaced value will be placed.
This parameter is OPTIONAL, and if not set, `subject` is used as `target`.
`%replace`
: Indicates that the whole value of the attribute should be replaced, instead of just the match.
This parameter is OPTIONAL.
`%remove`
: Indicates that the whole value of the attribute should be removed completely. If no other values exist, the
attribute will be removed completely.
This parameter is OPTIONAL.
Examples
--------
Change the domain on the `mail` attribute (when both the new and old domain are known):
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'mail',
'pattern' => '/olddomain.com/',
'replacement' => 'newdomain.com',
),
Change the domain on the `mail` attribute (when new domain is known):
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'mail',
'pattern' => '/(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,6}$/',
'replacement' => 'newdomain.com',
),
Set the eduPersonPrimaryAffiliation based on users distinguishedName:
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'dn',
'pattern' => '/OU=Staff/',
'replacement' => 'staff',
'target' => 'eduPersonPrimaryAffiliation',
),
Normalize the eduPersonPrimaryAffiliation:
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'eduPersonPrimaryAffiliation',
'pattern' => '/Student in school/',
'replacement' => 'student',
'%replace',
),
Get the domain of the email and put it in a separate attribute:
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'mail',
'pattern' => '/(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,6}$/',
'target' => 'domain',
'%replace',
),
Defaulting an attribute to one value (Add it with the default before altering) unless another attribute meets a condition:
10 => array ('class' => 'core:AttributeAdd',
'myAttribute' => 'default-value'),
11 => array ('class' => 'core:AttributeAlter',
'subject' => 'entitlement',
'pattern' => '/faculty/',
'target' => 'myAttribute',
'%replace',
),
Remove internal, private values from eduPersonEntitlement:
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'eduPersonEntitlement',
'pattern' => '/ldap-admin/',
'%remove',
),
Set a value to be blank (which will be sent as an empty string):
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'cn',
'pattern' => '/No name/',
'replacement' => '',
'%replace',
),
Set a value to be NULL (which will be sent as a NULL value):
10 => array(
'class' => 'core:AttributeAlter',
'subject' => 'telephone',
'pattern' => '/NULL/',
'replacement' => null,
'%replace',
),
|