{
    // Authentication filter for Rest2LDAP. Leaving this section out disables
    // the filter entirely.
    // NOTE(review): confirm what protects the REST endpoints when the filter
    // is disabled; this file shows no other access check.
    //
    // After a successful authentication the filter creates a security context
    // holding these principals:
    //
    //   "dn" - the user's DN, when known (it may be unknown for sasl-plain)
    //   "id" - the username that was used to authenticate.
    "authenticationFilter": {
        // Whether HTTP BASIC authentication is accepted. BASIC credentials are
        // only base64-encoded, not encrypted, so serve this endpoint over TLS.
        "supportHTTPBasicAuthentication": true,

        // Whether alternative authentication is accepted and, if it is, the
        // HTTP request headers that carry the username and the password.
        // The password travels as a plain header value: require TLS and keep
        // both headers out of proxy and access logs.
        "supportAltAuthentication": true,
        "altAuthenticationUsernameHeader": "X-OpenIDM-Username",
        "altAuthenticationPasswordHeader": "X-OpenIDM-Password",

        // Search parameters for "search-simple" authentication. Each %s in the
        // filter template is replaced by the client-supplied username after
        // LDAP filter string escaping. That escaping is what stops a username
        // from altering the filter, so keep %s inside an assertion value.
        // The base DN and scope bound which entries the search can match.
        "searchBaseDN": "ou=people,dc=example,dc=com",
        "searchScope": "sub", // Or "one".
        "searchFilterTemplate": "(&(objectClass=inetOrgPerson)(uid=%s))"

        // TODO: support for HTTP sessions?
    },

    // Rest2LDAP servlet configuration.
    "servlet": {
        // REST resources and the LDAP attributes each JSON field maps to.
        // NOTE(review): fields that set no "writability" are presumably
        // writable by clients (TODO confirm the default). Nothing in this file
        // authorizes individual writes, so verify that directory access
        // controls restrict who may modify these attributes.
        "mappings": {
            "/users": {
                // Base entry and update options for user resources.
                "baseDN": "ou=people,dc=example,dc=com",
                "readOnUpdatePolicy": "controls",
                "useSubtreeDelete": false,
                "usePermissiveModify": true,
                // The same LDAP attribute backs the "_rev" field below.
                "etagAttribute": "etag",
                "namingStrategy": {
                    "strategy": "clientDNNaming",
                    "dnAttribute": "uid"
                },
                "additionalLDAPAttributes": [
                    {
                        "type": "objectClass",
                        "values": [
                            "top",
                            "person",
                            "organizationalPerson",
                            "inetOrgPerson"
                        ]
                    }
                ],
                "attributes": {
                    "schemas": { "constant": [ "urn:scim:schemas:core:1.0" ] },
                    "_id": { "simple": { "ldapAttribute": "uid", "isSingleValued": true, "isRequired": true, "writability": "createOnly" } },
                    "_rev": { "simple": { "ldapAttribute": "etag", "isSingleValued": true, "writability": "readOnly" } },
                    // NOTE(review): "userName" is readOnly, but
                    // "contactInformation.emailAddress" below maps to the same
                    // LDAP attribute ("mail") with no writability set. If unset
                    // means writable, the value shown as userName can be
                    // changed through emailAddress; confirm this is intended.
                    "userName": { "simple": { "ldapAttribute": "mail", "isSingleValued": true, "writability": "readOnly" } },
                    "displayName": { "simple": { "ldapAttribute": "cn", "isSingleValued": true, "isRequired": true } },
                    "name": { "object": {
                        "givenName": { "simple": { "ldapAttribute": "givenName", "isSingleValued": true } },
                        "familyName": { "simple": { "ldapAttribute": "sn", "isSingleValued": true, "isRequired": true } }
                    } },
                    "manager": { "reference": {
                        "ldapAttribute": "manager",
                        "baseDN": "ou=people,dc=example,dc=com",
                        "primaryKey": "uid",
                        "mapper": { "object": {
                            "_id": { "simple": { "ldapAttribute": "uid", "isSingleValued": true, "isRequired": true } },
                            "displayName": { "simple": { "ldapAttribute": "cn", "isSingleValued": true, "writability": "readOnlyDiscardWrites" } }
                        } }
                    } },
                    // Group membership is exposed read-only via "isMemberOf".
                    "groups": { "reference": {
                        "ldapAttribute": "isMemberOf",
                        "baseDN": "ou=groups,dc=example,dc=com",
                        "writability": "readOnly",
                        "primaryKey": "cn",
                        "mapper": { "object": {
                            "_id": { "simple": { "ldapAttribute": "cn", "isSingleValued": true } }
                        } }
                    } },
                    "contactInformation": { "object": {
                        "telephoneNumber": { "simple": { "ldapAttribute": "telephoneNumber", "isSingleValued": true } },
                        "emailAddress": { "simple": { "ldapAttribute": "mail", "isSingleValued": true } }
                    } },
                    "meta": { "object": {
                        "created": { "simple": { "ldapAttribute": "createTimestamp", "isSingleValued": true, "writability": "readOnly" } },
                        "lastModified": { "simple": { "ldapAttribute": "modifyTimestamp", "isSingleValued": true, "writability": "readOnly" } }
                    } }
                }
            },
            "/groups": {
                // Base entry and update options for group resources.
                "baseDN": "ou=groups,dc=example,dc=com",
                "readOnUpdatePolicy": "controls",
                "useSubtreeDelete": false,
                "usePermissiveModify": true,
                // The same LDAP attribute backs the "_rev" field below.
                "etagAttribute": "etag",
                "namingStrategy": {
                    "strategy": "clientDNNaming",
                    "dnAttribute": "cn"
                },
                "additionalLDAPAttributes": [
                    {
                        "type": "objectClass",
                        "values": [
                            "top",
                            "groupOfUniqueNames"
                        ]
                    }
                ],
                "attributes": {
                    "schemas": { "constant": [ "urn:scim:schemas:core:1.0" ] },
                    "_id": { "simple": { "ldapAttribute": "cn", "isSingleValued": true, "isRequired": true, "writability": "createOnly" } },
                    "_rev": { "simple": { "ldapAttribute": "etag", "isSingleValued": true, "writability": "readOnly" } },
                    "displayName": { "simple": { "ldapAttribute": "cn", "isSingleValued": true, "isRequired": true, "writability": "readOnly" } },
                    // NOTE(review): "members" sets no writability and its
                    // baseDN is the whole "dc=example,dc=com" suffix, wider
                    // than the "ou=people" base used for /users. Confirm that
                    // both the scope and client-writable membership are
                    // intended, since membership usually drives authorization.
                    "members": { "reference": {
                        "ldapAttribute": "uniqueMember",
                        "baseDN": "dc=example,dc=com",
                        "primaryKey": "uid",
                        "mapper": { "object": {
                            "_id": { "simple": { "ldapAttribute": "uid", "isSingleValued": true, "isRequired": true } },
                            "displayName": { "simple": { "ldapAttribute": "cn", "isSingleValued": true, "writability": "readOnlyDiscardWrites" } }
                        } }
                    } },
                    "meta": { "object": {
                        "created": { "simple": { "ldapAttribute": "createTimestamp", "isSingleValued": true, "writability": "readOnly" } },
                        "lastModified": { "simple": { "ldapAttribute": "modifyTimestamp", "isSingleValued": true, "writability": "readOnly" } }
                    } }
                }
            }
        }
    }
}