Configuration
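A sample configuration in XML, JSON, and YAML format. The connection values in every variant (bind DN, password, and server URL) are sample values to replace for your environment. The samples use a simple bind over an ldap:// URL, which sends the bind password unencrypted; where the directory offers TLS, use an ldaps:// URL instead.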
- XML
- JSON
- YAML
ldap.config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sample LDAP connector configuration: one block of JNDI connection
  properties and one attribute mapping.
  xsi:schemaLocation names ldap.config.xsd as a relative location; treat it
  as a hint for validators, not as a trusted fetch target.
-->
<pip:configuration
    xmlns:pip="http://www.axiomatics.com/ldap.config"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.axiomatics.com/ldap.config ldap.config.xsd ">

  <!-- NOTE(review): this element name is spelled with three n's, while the JSON
       and YAML samples use "connection". Confirm against ldap.config.xsd before
       changing it. -->
  <pip:connnection>
    <pip:key name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

    <!-- Bind password, held in this file in clear text ("secret" is a sample value).
         Restrict read access to the file and keep real values out of version control. -->
    <pip:key name="java.naming.security.credentials" value="secret"/>

    <!-- Bind DN. This sample looks like a directory administrator entry. The mapping
         below only searches and reads, so a dedicated read-only service account
         scoped to the search base is the least-privilege choice. -->
    <pip:key name="java.naming.security.principal" value="uid=admin,ou=system"/>

    <!-- "simple" is a DN-and-password bind. Together with the plain ldap:// URL below,
         the password crosses the network unencrypted. -->
    <pip:key name="java.naming.security.authentication" value="simple"/>

    <!-- Sample host and port over plain LDAP. Prefer an ldaps:// URL where the
         directory offers TLS. -->
    <pip:key name="java.naming.provider.url" value="ldap://10.0.1.196:10389"/>
  </pip:connnection>

  <pip:mapping>
    <!-- The XACML attribute this mapping is declared for. -->
    <pip:xacmlAttribute
        AttributeId="employeeType"
        Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
        DataType="http://www.w3.org/2001/XMLSchema#string"
        Issuer=""/>

    <pip:nativeAttribute>
      <!-- Presumably the LDAP attribute whose value is returned; confirm in the schema. -->
      <pip:searchSelection>sn</pip:searchSelection>
      <pip:searchBase>dc=axiomatics,dc=com</pip:searchBase>
      <!-- 2 matches JNDI SearchControls.SUBTREE_SCOPE (the whole subtree under
           searchBase), assuming the value is handed to JNDI unchanged. Confirm. -->
      <pip:searchScope>2</pip:searchScope>
      <!-- The "?" is presumably replaced by the value of the key attribute below.
           NOTE(review): confirm that the connector escapes LDAP filter metacharacters
           (RFC 4515) in that value, since a subject-id typically comes from the
           access request. -->
      <pip:searchFilter>cn=?</pip:searchFilter>
      <pip:key allowMultiple="false">
        <pip:xacmlAttribute
            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
            Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
            DataType="http://www.w3.org/2001/XMLSchema#string"
            Issuer=""/>
      </pip:key>
    </pip:nativeAttribute>
  </pip:mapping>
</pip:configuration>
JSON configuration files offer the option to use either ALFA or XACML for attribute definitions.
- XACML
- ALFA
ldap.config.json
{
"connection": {
"keys": [
{
"name": "java.naming.factory.initial",
"value": "com.sun.jndi.ldap.LdapCtxFactory"
},
{
"name": "java.naming.security.credentials",
"value": "secret"
},
{
"name": "java.naming.security.principal",
"value": "uid=admin,ou=system"
},
{
"name": "java.naming.security.authentication",
"value": "simple"
},
{
"name": "java.naming.provider.url",
"value": "ldap://10.0.1.196:10389"
}
]
},
"mappings": [
{
"xacmlAttribute": {
"attributeId": "employeeType",
"category": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
"datatype": "http://www.w3.org/2001/XMLSchema#string",
"issuer": ""
},
"nativeAttribute": {
"searchSelection": "sn",
"searchBase": "dc=axiomatics,dc=com",
"searchScope": 2,
"searchFilter": "cn=?",
"key": {
"allowMultiple": false,
"xacmlAttributes": [
{
"attributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
"category": "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
"datatype": "http://www.w3.org/2001/XMLSchema#string",
"issuer": ""
}
]
}
}
}
]
}
ldap.config.alfa.json
{
"connection": {
"keys": [
{
"name": "java.naming.factory.initial",
"value": "com.sun.jndi.ldap.LdapCtxFactory"
},
{
"name": "java.naming.security.credentials",
"value": "secret"
},
{
"name": "java.naming.security.principal",
"value": "uid=admin,ou=system"
},
{
"name": "java.naming.security.authentication",
"value": "simple"
},
{
"name": "java.naming.provider.url",
"value": "ldap://10.0.1.196:10389"
}
]
},
"mappings": [
{
"attributeName": "employeeType",
"nativeAttribute": {
"searchSelection": "sn",
"searchBase": "dc=axiomatics,dc=com",
"searchScope": 2,
"searchFilter": "cn=?",
"key": {
"allowMultiple": false,
"attributeNames": [
"subjectId"
]
}
}
}
]
}
YAML configuration files offer the option to use either ALFA or XACML for attribute definitions.
- XACML
- ALFA
ldap.config.yaml
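# Sample LDAP connector configuration (XACML attribute definitions).
# Nesting restored to match the structure of the equivalent JSON sample;
# the keys and values are unchanged.
connection:
  keys:
    - name: java.naming.factory.initial
      value: com.sun.jndi.ldap.LdapCtxFactory
    # Bind password, held in this file in clear text ("secret" is a sample value).
    # Restrict read access to the file and keep real values out of version control.
    - name: java.naming.security.credentials
      value: secret
    # Bind DN. This sample looks like a directory administrator entry. The mapping
    # below only searches and reads, so a dedicated read-only service account
    # scoped to the search base is the least-privilege choice.
    - name: java.naming.security.principal
      value: uid=admin,ou=system
    # "simple" is a DN-and-password bind. Together with the plain ldap:// URL below,
    # the password crosses the network unencrypted.
    - name: java.naming.security.authentication
      value: simple
    # Sample host and port over plain LDAP. Prefer an ldaps:// URL where the
    # directory offers TLS.
    - name: java.naming.provider.url
      value: ldap://10.0.1.196:10389
mappings:
  - xacmlAttribute:
      attributeId: employeeType
      category: urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
      datatype: http://www.w3.org/2001/XMLSchema#string
      issuer: ""
    nativeAttribute:
      # Presumably the LDAP attribute whose value is returned; confirm in the product docs.
      searchSelection: sn
      searchBase: dc=axiomatics,dc=com
      # 2 matches JNDI SearchControls.SUBTREE_SCOPE (the whole subtree under
      # searchBase), assuming the value is handed to JNDI unchanged. Confirm.
      searchScope: 2
      # The "?" is presumably replaced by the value of the key attribute below.
      # NOTE(review): confirm that the connector escapes LDAP filter metacharacters
      # (RFC 4515) in that value, since a subject-id typically comes from the
      # access request.
      searchFilter: cn=?
      key:
        allowMultiple: false
        xacmlAttributes:
          - attributeId: urn:oasis:names:tc:xacml:1.0:subject:subject-id
            category: urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
            datatype: http://www.w3.org/2001/XMLSchema#string
            issuer: ""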
ldap.config.alfa.yaml
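# Sample LDAP connector configuration (ALFA attribute names).
# Nesting restored to match the structure of the equivalent JSON sample;
# the keys and values are unchanged.
connection:
  keys:
    - name: java.naming.factory.initial
      value: com.sun.jndi.ldap.LdapCtxFactory
    # Bind password, held in this file in clear text ("secret" is a sample value).
    # Restrict read access to the file and keep real values out of version control.
    - name: java.naming.security.credentials
      value: secret
    # Bind DN. This sample looks like a directory administrator entry. The mapping
    # below only searches and reads, so a dedicated read-only service account
    # scoped to the search base is the least-privilege choice.
    - name: java.naming.security.principal
      value: uid=admin,ou=system
    # "simple" is a DN-and-password bind. Together with the plain ldap:// URL below,
    # the password crosses the network unencrypted.
    - name: java.naming.security.authentication
      value: simple
    # Sample host and port over plain LDAP. Prefer an ldaps:// URL where the
    # directory offers TLS.
    - name: java.naming.provider.url
      value: ldap://10.0.1.196:10389
mappings:
  - attributeName: employeeType
    nativeAttribute:
      # Presumably the LDAP attribute whose value is returned; confirm in the product docs.
      searchSelection: sn
      searchBase: dc=axiomatics,dc=com
      # 2 matches JNDI SearchControls.SUBTREE_SCOPE (the whole subtree under
      # searchBase), assuming the value is handed to JNDI unchanged. Confirm.
      searchScope: 2
      # The "?" is presumably replaced by the value of the key attribute below.
      # NOTE(review): confirm that the connector escapes LDAP filter metacharacters
      # (RFC 4515) in that value, since a subject identifier typically comes from
      # the access request.
      searchFilter: cn=?
      key:
        allowMultiple: false
        attributeNames:
          - subjectId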