Package com.nimbusds.common.ldap

Class AttributeMapper

  • public class AttributeMapper
extends Object
    LDAP attribute mapper. Maps an LDAP entry to a JSON object (and vice versa), supports attribute renaming and type conversion.

    Transformation map specification:

    • Each map entry specifies the transformation of a single LDAP attribute to / from a JSON object member.
    • The map key represents the JSON object member name. May contain a single dot to specify a nested JSON object member.
    • The map value is a map of the following properties:
      • The "ldapAttr" property specifies the LDAP attribute name.
      • The "ldapValue" property specifies a constant value that is always returned instead of looking up the "ldapAttr" property.
      • The optional "ldapType" property specifies the LDAP attribute type: "string", "time" or "boolean", defaults to "string".
      • The optional "jsonType" property specifies the JSON value type: "string", "string-array", "int", "long", "boolean" or "object", defaults to "string".
      • The optional "langTag" property specifies if the "string" values may be language-tagged: true or false, defaults to false.
      • The optional "reMatch" property specifies a regular expression matching pattern to apply to the LDAP attribute values. Must contain one matching group. Applies only to LDAP attributes of type "string".
      • The optional "split" property, if set to true, causes a JSON string value to be split at each space character and converted to multiple LDAP attribute values. On reverse transformation the multiple LDAP attribute values are joined by a space character into a single JSON string. Applies only to LDAP attributes of type "string".
      • The optional "default" property causes an attribute to be skipped if its value matches the default one.

    The "time" LDAP attribute type is defined in RFC 4517, section 3.3.13. Can only be mapped to positive long integer JSON values representing the number of milliseconds since the Unix epoch.

    Example transformation map (as JSON object): 

     {
   "email"    : { "ldapAttr" : "mail" },
   "age"      : { "ldapAttr" : "personAge", "jsonType" : "int" },
   "name"     : { "ldapAttr" : "cn", "langTag" : true },
   "active"   : { "ldapAttr" : "accountActive", "jsonType" : "boolean" },
   "updated"  : { "ldapAttr" : "updateTime", "ldapType" : "time", "jsonType" : "long" },
   "groups"   : { "ldapAttr" : "isMemberOf", "jsonType" : "string-array", "reMatch" : "cn=([a-zA-Z_0-9 ]+),.*" },
   "scope"    : { "ldapAttr" : "scopeValues", "split" : true },
   "verified" : { "ldapValue" : "TRUE", "jsonType" : "boolean" },
   "geo.lat"  : { "ldapAttr" : "latitude" },
   "geo.long" : { "ldapAttr" : "longitude" }
 }

    • Constructor Detail

    • Method Detail

      • getLDAPAttributeNames

        public String[] getLDAPAttributeNames()
        Gets the names of the LDAP attributes in the transformation map.
        Returns:
        The names of LDAP attributes in the transformation map, empty array if none.

      • getLDAPAttributeNames

        public List<StringgetLDAPAttributeNames​(List<String> keys)
        Gets the names of the LDAP attributes in the transformation map that match the specified JSON object member keys.
        Parameters:
        keys - The JSON object member keys. Must not be null.
        Returns:
        The names of the matching LDAP attributes, as a unmodifiable list, empty list if none.

      • getLDAPAttributeName

        public String getLDAPAttributeName​(String key)
        Gets the name of the LDAP attribute in the transformation map that matches the specified JSON object member key.
        Parameters:
        key - The JSON object member key. Must not be null.
        Returns:
        The name of the matching LDAP attribute, null if not found.

      • transform

        public net.minidev.json.JSONObject transform​(com.unboundid.ldap.sdk.Entry ldapEntry)
        Transforms the specified LDAP entry. Any transformation exceptions are silently ignored.
        Parameters:
        ldapEntry - The LDAP entry to transform. Must not be null.
        Returns:
        The resulting JSON object.

      • transform

        public net.minidev.json.JSONObject transform​(Map<String,​Object> in)
        Transforms the specified java.util.Map representation of an LDAP entry. Any transformation exceptions are silently ignored.

        Note: Language tags are not handled by this method.

        Parameters:
        in - The input map, as returned by JSONResultFormatter, to transform. Must not be null.
        Returns:
        The resulting JSON object.

      • reverseTransform

        public List<com.unboundid.ldap.sdk.Attribute> reverseTransform​(net.minidev.json.JSONObject jsonObject)
        Performs a reverse transformation of the specified JSON object representation of an LDAP entry. Any transformation exceptions are silently ignored.
        Parameters:
        jsonObject - The JSON object to transform in reverse. Must not be null.
        Returns:
        The resulting LDAP attributes for the entry.