Operational Attribute
Introduction
Starting with version 1.1, Penrose supports operational attributes such as creatorsName, createTimestamp, modifiersName, and modifyTimestamp.
By default, operational attributes are disabled. To enable them, you need to prepare storage for their values and configure a module.
Configuring Operational Attributes
Add the fields to store the operational attributes in the sources.xml:
<source name="users">
  <connection-name>MySQL</connection-name>
  <field name="username" primaryKey="true"/>
  <field name="firstName"/>
  <field name="lastName"/>
  <field name="password"/>
  <field name="creatorsName"/>
  <field name="createTimestamp" type="DATETIME"/>
  <field name="modifiersName"/>
  <field name="modifyTimestamp" type="DATETIME"/>
  <parameter>
    <param-name>tableName</param-name>
    <param-value>users</param-value>
  </parameter>
</source>
Then configure the operational attributes in mapping.xml:
<entry dn="uid=...,ou=Users,dc=Operational Attribute,dc=Example,dc=com">
  <oc>person</oc>
  <oc>organizationalPerson</oc>
  <oc>inetOrgPerson</oc>
  ... other attributes ...
  <at name="creatorsName" operational="true">
    <variable>u.creatorsName</variable>
  </at>
  <at name="createTimestamp" operational="true">
    <expression>
      import org.safehaus.penrose.operationalAttribute.*;
      if (u == void || u == null) return;
      if (u.createTimestamp == void || u.createTimestamp == null) return null;
      return OperationalAttribute.formatDate(u.createTimestamp);
    </expression>
  </at>
  <at name="modifiersName" operational="true">
    <variable>u.modifiersName</variable>
  </at>
  <at name="modifyTimestamp" operational="true">
    <expression>
      import org.safehaus.penrose.operationalAttribute.*;
      if (u == void || u == null) return;
      if (u.modifyTimestamp == void || u.modifyTimestamp == null) return null;
      return OperationalAttribute.formatDate(u.modifyTimestamp);
    </expression>
  </at>
</entry>
Then configure the reverse mappings for the operational attributes in the same entry:
<entry dn="uid=...,ou=Users,dc=Operational Attribute,dc=Example,dc=com">
  <source name="u">
    <source-name>users</source-name>
    ... other fields ...
    <field name="creatorsName">
      <variable>creatorsName</variable>
    </field>
    <field name="createTimestamp">
      <expression>
        import org.safehaus.penrose.operationalAttribute.*;
        if (createTimestamp == void || createTimestamp == null) return null;
        return OperationalAttribute.parseDate(createTimestamp);
      </expression>
    </field>
    <field name="modifiersName">
      <variable>modifiersName</variable>
    </field>
    <field name="modifyTimestamp">
      <expression>
        import org.safehaus.penrose.operationalAttribute.*;
        if (modifyTimestamp == void || modifyTimestamp == null) return null;
        return OperationalAttribute.parseDate(modifyTimestamp);
      </expression>
    </field>
  </source>
</entry>
Finally, configure the OperationalAttributeModule in modules.xml:
<module name="OperationalAttributeModule">
<module-class>org.safehaus.penrose.operationalAttribute.OperationalAttributeModule</module-class>
</module>
<module-mapping>
<module-name>OperationalAttributeModule</module-name>
<base-dn>dc=Operational Attribute,dc=Example,dc=com</base-dn>
<filter>(objectClass=*)</filter>
<scope>SUBTREE</scope>
</module-mapping>
This module will generate the values of the operational attributes on add, modify, and modrdn operations.
Example
The example files are available in the PENROSE_SERVER_HOME/samples/operational directory.
Create a new partition by copying the configuration files in PENROSE_SERVER_HOME/samples/operational/partition into a new PENROSE_SERVER_HOME/partitions/operational directory.
Then register the new partition in PENROSE_SERVER_HOME/conf/server.xml:
<partition name="operational" path="partitions/operational"/>
Add an entry:
ldapadd -h localhost -p 10389 -D uid=admin,ou=system -w secret -x
dn: uid=test,ou=Users,dc=Operational Attribute,dc=Example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
uid: test
userPassword: test
sn: User
cn: Test User
Search the operational attributes:
ldapsearch -h localhost -p 10389 -D uid=admin,ou=system -w secret -x -b "dc=Operational Attribute,dc=Example,dc=com" \* +
dn: uid=test,ou=Users,dc=Operational Attribute,dc=Example,dc=com
modifiersName: uid=admin,ou=system
creatorsName: uid=admin,ou=system
sn: User
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
uid: test
cn: Secret User
modifyTimestamp: 20061004231152Z
createTimestamp: 20061004231050Z
userPassword:: c2VjcmV0
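The search output above can also be checked by a script. The following Python code is an added example, not part of Penrose or the original page: it parses ldapsearch LDIF output and reports entries whose operational attributes are missing or whose modifyTimestamp is earlier than createTimestamp. The function names and the second sample entry (uid=legacy) are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

OPERATIONAL = ("creatorsName", "createTimestamp", "modifiersName", "modifyTimestamp")

# Constructed sample: the first entry is taken from the search result on this
# page; the second is a made-up entry that carries no operational attributes.
SAMPLE_LDIF = """\
dn: uid=test,ou=Users,dc=Operational Attribute,dc=Example,dc=com
modifiersName: uid=admin,ou=system
creatorsName: uid=admin,ou=system
modifyTimestamp: 20061004231152Z
createTimestamp: 20061004231050Z
userPassword:: c2VjcmV0

dn: uid=legacy,ou=Users,dc=Operational Attribute,dc=Example,dc=com
uid: legacy
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in (l for l in block.splitlines() if l and not l.startswith("#")):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        if "dn" in entry:  # skips ldapsearch trailer blocks such as "search: 2"
            entries.append(entry)
    return entries

def parse_time(value):
    """Parse the timestamp form shown in the page's output (YYYYMMDDhhmmssZ)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit(entries):
    """Return {dn: [problems]} for entries with missing or inconsistent audit data."""
    findings = {}
    for e in entries:
        problems = [f"missing {a}" for a in OPERATIONAL if a not in e]
        if not problems and parse_time(e["modifyTimestamp"][0]) < parse_time(e["createTimestamp"][0]):
            problems.append("modifyTimestamp precedes createTimestamp")
        if problems:
            findings[e["dn"][0]] = problems
    return findings
```

To run it against a live server, pass the text produced by the ldapsearch command shown above to parse_ldif() and print the result of audit().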