In this series of posts I’m going to explore some of the virtualization features of OUD with virtual attributes and transformations. Rather than going into explanations of all the various options, I’m simply going to post a few use case examples and how to do them. If you want, you can explore the detailed documentation right here.

Use Case 1 – Generate a Display Name

In this scenario we want to generate a read-only displayName attribute that is computed in the format of ‘Last, First’ based on sn and givenName. This attribute does not really exist in the data store; it is computed on the fly when a client requests an object.

Here’s what our entry looks like to start:
[Screenshot: the LDAP entry before the transformation]

First, we set up the transformation:

# The value contains a space, so it must be quoted to reach dsconfig as one argument
./dsconfig create-transformation \
  --set 'client-attribute:displayName=%sn%, %givenName%' \
  --type add-outbound-attribute \
  --transformation-name displayName

Then we create a workflow element that uses our transformation:

./dsconfig create-workflow-element \
  --set enabled:true \
  --set next-workflow-element:userRoot \
  --set transformation:displayName \
  --type transformations \
  --element-name displayName

And finally we insert the workflow element into the main workflow:

./dsconfig set-workflow-prop \
  --workflow-name userRoot0 \
  --set workflow-element:displayName

Simply refreshing the entry (no reboot necessary) now gives us the new attribute:

Now, what if there was already a value in there, or what if you want to override this behavior and set your own value? We can specify a conflict-behavior property in our transformation to tell OUD how to behave. The default is ‘merge-real-and-virtual’, meaning that if you edit the generated displayName, you end up with two displayName values (since displayName is a multi-valued attribute). To change this, we simply need to set conflict-behavior to real-overrides-virtual:

./dsconfig set-transformation-prop \
  --set conflict-behavior:real-overrides-virtual \
  --transformation-name displayName
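
To check what clients actually receive under either conflict-behavior setting, the following added example (not from the original post or from OUD) audits LDIF search output and flags entries whose displayName was merged with, or replaced by, a stored value. The function and sample entries are constructed for illustration, and the parser assumes unwrapped LDIF with plain (non-base64) values.

```shell
#!/bin/sh
# Added example, not from the original post. Reads LDIF on stdin and prints
# one status line per entry. Assumes unwrapped lines and non-base64 values.
audit_display_names() {
  awk '
    function flush(   want) {
      if (dn == "") return
      want = sn ", " gn                      # the "Last, First" format
      if (n == 0)           print "MISSING " dn     # no displayName returned
      else if (n > 1)       print "MERGED " dn      # stored + virtual values
      else if (val != want) print "OVERRIDDEN " dn  # stored value won
      else                  print "OK " dn
      dn = ""; sn = ""; gn = ""; val = ""; n = 0
    }
    /^$/ { flush(); next }                   # a blank line ends an entry
    {
      i = index($0, ": ")
      if (i == 0) next
      name = tolower(substr($0, 1, i - 1)); value = substr($0, i + 2)
      if (name == "dn") dn = value
      else if (name == "sn") sn = value
      else if (name == "givenname") gn = value
      else if (name == "displayname") { n++; val = value }
    }
    END { flush() }
  '
}

# Constructed sample entries (not real data): one clean, one merged, one overridden.
sample_ldif() {
  cat <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=com
sn: Doe
givenName: John
displayName: Doe, John

dn: uid=asmith,ou=People,dc=example,dc=com
sn: Smith
givenName: Anna
displayName: Smith, Anna
displayName: Annie S.

dn: uid=bwong,ou=People,dc=example,dc=com
sn: Wong
givenName: Bo
displayName: Dr. Wong
EOF
}

sample_ldif | audit_display_names
```

Pipe real search output into `audit_display_names` in place of `sample_ldif`; a MERGED line means a stored displayName exists alongside the virtual one.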

Important! Mind your Workflow execution order!

Please note that the above commands change the execution order of your userRoot0 workflow. What we have done here is modify userRoot0 to call our 'displayName' workflow-element, which then calls the default 'userRoot' workflow-element. If you need to undo this, or add more elements, you must make sure you tie everything together properly.