LoginControl enables authentication with multiple principal names.
LoginControl extends SearchControl.
A LoginControl data object has the following structure:
- properties: specifies the properties you want returned from the principal
  entity that has been successfully authenticated.
- searchBases: specifies the search bases used to limit the authentication
  scope to the bases in the list.
- mappedProperties: specifies the principal names that are mapped to existing
  virtual member manager properties. This ability to authenticate against one
  account with multiple principal names enables a SimpleLDAPAccount to be
  backwards compatible with the WebSphere Application Server LDAPRegistry
  implementation. For example, if you specify mail and employeeId in
  mappedProperties, virtual member manager constructs a filter that uses both
  properties in the search:
  (&(|(mail=<principalName value>)(employeeId=<principalName value>))(objectclass=inetOrgPerson))
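The filter shape described above, as an added example that is not virtual member manager code: it builds the OR filter from a list of mapped properties and escapes the principal name per RFC 4515 so the submitted value cannot alter the filter structure. The function names are hypothetical, and rejecting a login when the OR filter matches more than one entry is an assumed policy, not documented behavior.

```python
import re

# RFC 4515 section 3: characters that must be escaped in a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute and object class names come from configuration; accept simple descriptors only.
_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot change the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(principal_name, mapped_properties, object_class="inetOrgPerson"):
    """Return (&(|(prop1=value)(prop2=value)...)(objectclass=...))."""
    if not principal_name:
        raise ValueError("principal name must not be empty")
    if not mapped_properties:
        raise ValueError("at least one mapped property is required")
    for name in list(mapped_properties) + [object_class]:
        if not _NAME_RE.fullmatch(name):
            raise ValueError("invalid attribute or class name: %r" % name)
    value = escape_filter_value(principal_name)
    terms = "".join("(%s=%s)" % (attr, value) for attr in mapped_properties)
    return "(&(|%s)(objectclass=%s))" % (terms, object_class)


def select_single_match(matched_dns):
    """Assumed policy: fail the login unless exactly one entry matched."""
    if len(matched_dns) != 1:
        raise LookupError("expected 1 matching entry, got %d" % len(matched_dns))
    return matched_dns[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(build_login_filter("jdoe@yourco.com", ["mail", "employeeId"]))
    print(build_login_filter("*)(uid=*", ["mail", "employeeId"]))
```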
XML schema definition
The following is the XML schema definition for the LoginControl DataObject:
<xsd:complexType name="LoginControl">
  <xsd:complexContent>
    <xsd:extension base="SearchControl">
      <xsd:sequence>
        <xsd:element name="mappedProperties" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
Sample data object
The following is a sample LoginControl data object used in the login API. It
requests authentication using the mail and employeeId properties, limits the
scope to ou=department1,dc=yourco,dc=com and, if successful, returns the
person's uid and sn properties.
<wim:controls xsi:type="wim:LoginControl">
  <searchBases>ou=department1,dc=yourco,dc=com</searchBases>
  <wim:properties>uid</wim:properties>
  <wim:properties>cn</wim:properties>
  <wim:properties>principalName</wim:properties>
</wim:controls>