LDAPGroupFiltering

Valve for filtering groups from an LDAP Directory. Most commonly used with Microsoft Active Directory.

Valve operates on the Current Item Set.

Properties

Name Description Default value Mandatory Supports property expansion
connection_ref Id of LDAP connection. Used for 'translating' DN to samAccountName. No No
separator Separator for the filtered groups. , No No
prefix Prefix for the generated filtered groups list. No No
groups_to_add List of groups to add. Value '*' adds all groups. Value 'VPN-*' adds all groups starting with 'VPN-'. Value '*users' adds all groups ending with 'users'. Value '*mana*' adds all groups containing 'mana'. Yes No
group_attribute Property containing the groups. memberOf Yes No
response_attribute_name Property to contain the filtered list of groups. Yes No

Example Configuration

{
   "name": "LDAPGroupFiltering",
   "config": { 
      "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
      "separator":",",
      "prefix":"GroupName:",
      "response_attribute_name":"filtered_groups",
      "group_attribute":"memberOf",
      "groups_to_add":"VPN-user,VPN-Helpdesk"
   }
}

Requirements

Item set must have at least one entry.