Version: 3.1
Category: Process
Extended Category: LDAP
Action Package: Standard Actions
Description
Find object in LDAP data source by matching a session attribute to an LDAP attribute.
Parameter | Description | Example
--- | --- | ---
Target Data Source | [Optional] Select an LDAP data source. | Production AD
Search Base DN | [Optional] The search base for matching objects. Supports SESSION() and GLOBAL(). | ou=User,O=Company
Search Scope (SUB, ONE, BASE) | [Optional] The search scope: SUB, ONE or BASE (default: SUB). | ONE
Match Session Attribute | [Optional] The session object attribute to match against LDAP. | uid
Match LDAP Attribute | [Optional] The LDAP object attribute to match against the session object. | samaccountname
Match Attribute Syntax (text/binary) | [Optional] The syntax of the value in the Match Session Attribute (text/binary). Default: text. | binary
Optional Search Filter | [Optional] An optional LDAP search filter to append. Supports SESSION() and GLOBAL(). | objectclass=group
Make Optional Search Filter LDAP Safe (true/false) | [Optional] If a SESSION() value is used in the Optional Search Filter, the value might contain characters that break the LDAP query, for example ( ) * /. Set to true to replace those characters with their ASCII code, or false to leave them unchanged. Default: true. | false
Matched DN Session Attribute | [Optional] The attribute where the matched LDAP object DN should be placed. Default: the session object name. | MatchedDN
DN for New Objects | [Optional] The DN for new objects. Use SESSION(attributeName). | cn=SESSION(cn),ou=users,o=company
Remove Session Object if No Match (false/true) | [Optional] true = remove the session object if there is no match; false = keep the object when there is no match (default: false). | true
Remove Session Object if Match (false/true) | [Optional] true = remove the session object if there is a match; false = keep the object when there is a match (default: false). | true
Allow Multiple Match (false/true) | [Optional] If set to true, multiple matches are allowed; a “Matched DN Session Attribute” must then be specified (default: false). | true
Error Message Attribute | [Optional] If a failure occurs, place any error message into this attribute. Leave blank to ignore. | errorMessage
Get Attributes | [Optional] The attributes (comma separated) that should be fetched from the LDAP object, if it is found. Cannot be used with multiple matches. Use \| to give an attribute another name. Supports SESSION() and GLOBAL(). | givenName\|matchedUserGivenName, sn\|matchedUserSn
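The "LDAP Safe" parameter exists because a SESSION() value substituted into the Optional Search Filter can contain characters that change the structure of the query. The Python below is an added illustration of that risk and of the escaping that removes it; it is not PhenixID code, and it only models how the filter is built. Assumptions made here: the match clause and the optional filter are joined with an LDAP AND, the match value itself is always escaped (text) or hex-encoded (binary), and the function names (`build_search_filter`, `filter_is_well_formed`) are hypothetical. The escaping follows RFC 4515, where each special character becomes a backslash plus its two-digit hex ASCII code, which is what the parameter description refers to.

```python
import re

# RFC 4515 section 3 escapes: a special character is replaced by a backslash
# followed by its two-digit hex ASCII code.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# SESSION(attributeName) references inside a filter template.
_SESSION_REF = re.compile(r"SESSION\((\w+)\)")

# Attribute type plus comparison operator at the start of a simple filter item.
_ATTR_OP = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*[~<>]?=")


def ldap_filter_escape(value: str) -> str:
    """Escape a text value for use as an assertion value in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_binary_escape(value: bytes) -> str:
    """Encode a binary value (e.g. an objectGUID) as one \\XX pair per byte."""
    return "".join(f"\\{b:02x}" for b in value)


def expand_session(template: str, session: dict, ldap_safe: bool) -> str:
    """Replace SESSION(attr) references with session values, escaped or raw."""
    def repl(m):
        raw = str(session.get(m.group(1), ""))
        return ldap_filter_escape(raw) if ldap_safe else raw
    return _SESSION_REF.sub(repl, template)


def build_search_filter(session, match_session_attr, match_ldap_attr,
                        syntax="text", optional_filter="", ldap_safe=True):
    """Hypothetical model of the action's filter construction (assumption):
    match value always escaped/hex-encoded, optional filter's SESSION()
    values escaped only when ldap_safe is true, parts joined with AND."""
    value = session[match_session_attr]
    if syntax == "binary":
        assertion = ldap_binary_escape(bytes(value))
    else:
        assertion = ldap_filter_escape(str(value))
    match_clause = f"({match_ldap_attr}={assertion})"
    if not optional_filter:
        return match_clause
    extra = expand_session(optional_filter, session, ldap_safe)
    if not extra.startswith("("):
        extra = f"({extra})"  # "objectclass=group" -> "(objectclass=group)"
    return f"(&{match_clause}{extra})"


def _parse_filter(flt: str, i: int) -> int:
    """Return the index just past the filter starting at flt[i], or -1 if malformed."""
    if i >= len(flt) or flt[i] != "(":
        return -1
    i += 1
    if i < len(flt) and flt[i] in "&|":
        i += 1
        while i < len(flt) and flt[i] == "(":
            i = _parse_filter(flt, i)
            if i < 0:
                return -1
    elif i < len(flt) and flt[i] == "!":
        i = _parse_filter(flt, i + 1)
        if i < 0:
            return -1
    else:
        m = _ATTR_OP.match(flt, i)
        if not m:
            return -1
        i = m.end()
        # Assertion value: no unescaped parenthesis; a backslash must be
        # followed by exactly two hex digits.
        while i < len(flt) and flt[i] not in "()":
            if flt[i] == "\\":
                if not re.match(r"[0-9a-fA-F]{2}", flt[i + 1:i + 3]):
                    return -1
                i += 3
            else:
                i += 1
    if i >= len(flt) or flt[i] != ")":
        return -1
    return i + 1


def filter_is_well_formed(flt: str) -> bool:
    """Simplified RFC 4515 grammar check for a complete filter string."""
    return _parse_filter(flt, 0) == len(flt)


if __name__ == "__main__":
    # Constructed session object; the department value contains parentheses.
    session = {"uid": "jsmith", "dept": "Sales (EMEA)", "guid": b"\x01\x02\xab"}
    for safe in (True, False):
        flt = build_search_filter(session, "uid", "samaccountname",
                                  optional_filter="department=SESSION(dept)",
                                  ldap_safe=safe)
        print(f"ldap_safe={safe}: {flt}  well-formed={filter_is_well_formed(flt)}")
    print(build_search_filter(session, "guid", "objectGUID", syntax="binary"))
```

With the flag left at its default of true, a department of `Sales (EMEA)` becomes `Sales \28EMEA\29` and the filter parses; with the flag set to false the same ordinary-looking value produces a filter that is no longer valid LDAP, so the search fails or behaves unexpectedly. Setting the flag to false should therefore be reserved for Optional Search Filters whose SESSION() values are already known to be filter-safe.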
Use Cases
Example 1: Match user object to AD
Match the session user object to an account in Active Directory. If there is no match, the session user object will be updated with a new attribute, AD-DN, and the session object will be flagged as “isNew”.
The attribute AD-DN is used by another action to set where the user object should be created.
Parameter | Value
--- | ---
Target Data Source | Active Directory
Search Base DN | OU=NEW Users,DC=company,DC=local
Search Scope (SUB, ONE, BASE) | [BLANK]
Match Session Attribute | sAMAccountName
Match LDAP Attribute | sAMAccountName
Match Attribute Syntax (text/binary) | [BLANK]
Optional Search Filter | objectClass=group
Make Optional Search Filter LDAP Safe (true/false) | [BLANK]
Matched DN Session Attribute | AD-DN
DN for New Objects | cn=SESSION(cn),OU=NEW Users,DC=company,DC=local
Remove Session Object if No Match (false/true) | [BLANK]
Remove Session Object if Match (false/true) | [BLANK]
Allow Multiple Match (false/true) | [BLANK]
Error Message Attribute | errorMessage
Get Attributes | [BLANK]
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se