This is an old revision of the document!


Constraint module

Simply load the constraint module:

ldapmodify -Y EXTERNAL -H ldapi:/// << EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: constraint
EOF

Next, configure the constraints for your database:

ldapadd -Y EXTERNAL -H ldapi:/// << EOF
dn: olcOverlay={3}constraint,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: {3}constraint
olcConstraintAttribute: uid count 1
EOF

The example above adds a constraint on the number of values of the uid attribute in your database (only one value is allowed).

Below are some examples of constraints that can be configured on a SUPANN directory:

olcConstraintAttribute: cn count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: cn regex "^[-A-Za-z0-9 ]*$" restrict="ldap:///dc=univ,dc=fr??base?(objectClass=*)"
olcConstraintAttribute: cn regex "^[-A-Za-z0-9 ]*$" restrict="ldap:///ou=groups,dc=univ,dc=fr??sub?(objectClass=*)"
olcConstraintAttribute: dc regex "^[a-z0-9-]*$"
olcConstraintAttribute: displayName count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: eduOrgHomePageURI count 1
olcConstraintAttribute: eduOrgHomePageURI,eduOrgSuperiorURI,eduOrgWhitePagesURI,labeledURI regex "^https?://.+$"
olcConstraintAttribute: eduOrgLegalName count 1
olcConstraintAttribute: eduPersonAffiliation regex "^(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)$"
olcConstraintAttribute: eduPersonOrgDN count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: eduPersonOrgDN uri ldap:///dc=univ,dc=fr?entryDN?sub?(objectClass=eduOrg)
olcConstraintAttribute: eduPersonOrgUnitDN,eduPersonPrimaryOrgUnitDN uri ldap:///ou=structures,dc=univ,dc=fr?entryDN?sub?(objectClass=supannEntite)
olcConstraintAttribute: eduPersonPrincipalName,mail,supannAutreMail,supannMailPerso,supannCMSSource,supannCMSAppIdDomaine,eduPersonUniqueId,eduPersonPrincipalName,eduPersonPrincipalNamePrior,mailForwardingAddress regex "^.+@.+$"
olcConstraintAttribute: givenName count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: homePhone count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: mail count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: member,owner,supannGroupeAdminDN,supannGroupeLecteurDN uri ldap:///dc=univ,dc=fr?entryDN?sub?(|(objectClass=supannPerson)(objectClass=supannGroupe)) restrict="ldap:///ou=groups,dc=univ,dc=fr??sub?(objectClass=supannGroupe)"
olcConstraintAttribute: o,description count 1 restrict="ldap:///dc=univ,dc=fr??sub?(objectClass=organization)"
olcConstraintAttribute: ou,description count 1 restrict="ldap:///dc=univ,dc=fr??sub?(objectClass=organizationalUnit)"
olcConstraintAttribute: sn count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: supannCMSAppAffectation regex "^\[type=(etudiant|personnel|visiteur|invite|lecteur|prestataire|vehicule|externe|\{[^}]+\}[^]]+)\]\[source=[^]@]+@[^]]+\]\[domaine=[^]]+\]\[id=[^]]+\]\[valide=(vrai|faux)\](\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannCMSIdEtiquette regex "^\{[^:]+:[^}]+\}.+$"
olcConstraintAttribute: supannCMSType regex "^(etudiant|personnel|visiteur|invite|lecteur|prestataire|vehicule|externe|\{[^}]+\}[^]]+)$"
olcConstraintAttribute: supannCivilite regex "^(M\.|Mme|Mlle)$"
olcConstraintAttribute: supannCodeEntiteParent,supannEntiteAffectation,supannEntiteAffectationPrincipale uri  ldap:///ou=structures,dc=univ,dc=fr?supannCodeEntite?sub?(objectClass=supannEntite)
olcConstraintAttribute: supannCodeINE count 1
olcConstraintAttribute: supannCodeINE regex "^([0-9]{10}[A-Z]|[0-9]{9}[A-Z]{2})$"
olcConstraintAttribute: supannCodeINSEEPaysDeNaissance regex "^[0-9]{5}$"
olcConstraintAttribute: supannCodeINSEEVilleDeNaissance regex "^[0-9]{5}$"
olcConstraintAttribute: supannConsentement regex "^\{[^\:\}]+(\:[^\:\}]+)*\}(PUBLIC|AUTH|PR|APPRENANTS|INTERNE|FER|EDUGAIN|(EDUGAIN|FER)\:[^\:]+\:[^\:]+|CGU|APPLI\:.+|[a-zA-Z0-9]+\:.+|LDAP\:\/\/([^\:\/]+(\:[0-9]+)?)?\/[^\?]+\?\?(sub|base|one)?.+)$"
olcConstraintAttribute: supannEmpCorps count 1
olcConstraintAttribute: supannEmpId count 1
olcConstraintAttribute: supannEmpProfil regex "^\[etab=\{[^}]+\}[^]]+\](\[affil=(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)\])?(\[corps=\{[^}]+\}[^]]+\])?(\[typeaffect=\{[^}]+\}[^]]+\])?(\[affect=[^]]+\])?(\[activite=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannEtablissement,supannEtuDiplome,supannEtuElementPedagogique,supannEtuEtape,supannEtuRegimeInscription,supannEtuSecteurDisciplinaire,supannEtuTypeDiplome,supannRoleGenerique,supannTypeEntiteAffectation,supannEmpCorps,supannRefId regex "^\{[^}]+\}[^]]+$"
olcConstraintAttribute: supannEtuAnneeInscription regex "^[0-9][0-9][0-9][0-9]$"
olcConstraintAttribute: supannEtuId count 1
olcConstraintAttribute: supannEtuInscription regex "^\[etab=\{[^}]+\}[^]]+\]\[anneeinsc=[0-9]{4}\]\[regimeinsc=\{[^}]+\}[^]]+\]\[sectdisc=\{[^}]+\}[^]]+\]\[typedip=\{[^}]+\}[^]]+\]\[cursusann=\{[^}]+\}[^]]+\](\[affect=[^]]+\])?(\[diplome=\{[^}]+\}[^]]+\])?(\[etape=\{[^}]+\}[^]]+\])?(\[eltpedago=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannExtProfil regex "^(\[etab=\{[^}]+\}[^]]+\])?(\[affil=(student|faculty|staff|employee|member|affiliate|alum|library-walk-in|researcher|retired|emeritus|teacher|registered-reader)\])?(\[typeaffect=\{[^}]+\}[^]]+\])?(\[affect=[^]]+\])?(\[parrain=[^]]+\])?(\[activite=\{[^}]+\}[^]]+\])?(\[population=\{[^}]+\}[^]]+\])?(\[datefin=[0-9]{14}(Z|\+[0-9]{4})\])?$"
olcConstraintAttribute: supannMailPerso count 1 restrict="ldap:///ou=people,dc=univ,dc=fr??sub?(objectClass=inetOrgPerson)"
olcConstraintAttribute: supannMailPrive regex "^\{(SECOURS|PERSO|PARENTS|PRO)\}.*@.*$"
olcConstraintAttribute: supannOIDCDateDeNaissance regex "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"
olcConstraintAttribute: supannParrainDN uri ldap:///ou=structures,dc=univ,dc=fr?entryDN?sub?(|(objectClass=supannPerson)(objectClass=supannGroupe)(objectClass=supannEntite))
olcConstraintAttribute: supannRoleEntite regex "^\[role=\{[^}]+\}[^]]+\]\[type=\{[^}]+\}[^]]+\]\[code=[^]]+\]$"
olcConstraintAttribute: supannTelephonePrive regex "^\{(MOBPERSO|FIXEPERSO|FIXEPARENTS|MOBPARENTS|MOBPRO|FIXEPRO|SECOURS)\}\+?[0-9]{4,}$"
olcConstraintAttribute: supannTypeEntite,supannEtuCursusAnnee regex "^\{SUPANN\}[A-Z][0-9]+$"
olcConstraintAttribute: telephoneNumber,labeledURI count 1 restrict="ldap:///dc=univ,dc=fr??sub?(|(objectClass=inetOrgPerson)(objectClass=organization)(objectClass=organizationalUnit))"
olcConstraintAttribute: telephoneNumber,supannAutreTelephone,mobile,facsimileTelephoneNumber,homePhone regex "^\+?[0-9]{4,}$"
olcConstraintAttribute: uid count 1
olcConstraintAttribute: userPassword count 1
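
A way to dry-run regex constraints before loading them into cn=config, added here as an example and not part of the original page: slapo-constraint compiles each regex as a POSIX extended regular expression, so grep -E evaluates it with the same syntax. The constraint lines are constructed in the style of the list above; the demoEscaped and demoPosix attribute names and the helper functions are hypothetical.

```sh
# Added example (not from the original page): dry-run constraint regexes with
# grep -E, which uses the same POSIX ERE dialect as regcomp(REG_EXTENDED).

# Constructed constraint lines in the style of the SUPANN list above. The two
# demo* attribute names are hypothetical; they differ only in how "]" is
# excluded inside the bracket expression.
constraints() {
cat <<'EOF'
olcConstraintAttribute: supannCodeINE count 1
olcConstraintAttribute: supannCodeINE regex "^([0-9]{10}[A-Z]|[0-9]{9}[A-Z]{2})$"
olcConstraintAttribute: telephoneNumber,mobile,homePhone regex "^\+?[0-9]{4,}$"
olcConstraintAttribute: demoEscaped regex "^\[code=[^\]]+\]$"
olcConstraintAttribute: demoPosix regex "^\[code=[^]]+\]$"
EOF
}

# regex_for ATTR: print the first regex whose attribute list contains ATTR.
# Any restrict="..." scope after the closing quote is ignored here.
regex_for() {
    constraints | awk -v a="$1" '
        $3 == "regex" {
            n = split($2, attrs, ",")
            for (i = 1; i <= n; i++) if (attrs[i] == a) {
                re = $0
                sub(/^[^"]*"/, "", re)   # drop everything up to the opening quote
                sub(/".*$/, "", re)      # drop the closing quote and what follows
                print re
                exit
            }
        }'
}

# verdict ATTR VALUE: print accept, reject, no-regex or bad-regex.
verdict() {
    re=$(regex_for "$1")
    [ -n "$re" ] || { echo no-regex; return 0; }
    rc=0
    printf '%s\n' "$2" | grep -Eq -- "$re" 2>/dev/null || rc=$?
    case $rc in
        0) echo accept ;;
        1) echo reject ;;
        *) echo bad-regex ;;
    esac
}

# In POSIX ERE a backslash inside [...] is a literal character, so "[^\]]+"
# parses as "[^\]" followed by "]+" and refuses an ordinary value.
verdict demoEscaped '[code=HS9]'   # reject
verdict demoPosix   '[code=HS9]'   # accept
```

Running the same checks over an export of real directory values before enabling a constraint shows which existing entries would start failing on their next modification.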
  • informatique/reseau/ldap/constraint.1664266025.txt.gz
  • Last modified: 2022/09/27 08:07
  • by bn8