This module allows you to manage LDAP attributes that are not covered by the other LAM modules (e.g. if you use a custom LDAP schema). You can fully define how your input fields look like:
Label
LDAP attribute name
Unique name for field
Help text
Read-only display
Field type: text, password, text area, checkbox, radio buttons, select list, file upload, LDAP date (and time), constant
Validation via regular expression
Error message if validation fails
Limitations:
Custom fields cannot manage
structural object classes (supported by Custom types)
attributes that require validation rules across multiple attributes or cannot be described by a simple regular expression
Activating the custom fields module:
You may specify custom fields for all of your account types. Please enter tab "Modules" in your server profile. Now activate the "Custom fields (customFields)" module for all needed account types.
Setting label and icon:
You may set the label that is displayed e.g. on the tab when editing an account. It is also possible to specify an icon (must be a valid URL like "/images/icon.png" or "http://server/images/icon.png"). The icon size should be 32x32 pixels.
LAM will display a default icon and "Custom fields" as label if you do not enter any values.
You may also specify how LAM displays custom fields when there are multiple field groups. The default is accordion view where you can switch field groups by clicking on the title. You may also deactivate this mode. Then all field groups are displayed one below the other.
Defining groups:
All input fields are divided into groups. A group may contain one or more object classes and allows you to add/remove a certain set of input fields.
E.g. you may define two groups - "My application A" and "My application B" - that manage different LDAP attributes and object classes. This way you will be able to control both attribute sets independently.
To create a group please edit your server profile and switch to tab "Module settings". You will see the section "Custom fields" which allows you to add new groups. Now select your account type (e.g. Users) and specify an alias for your group. This alias will be printed as group header when you later edit an account in the admin interface.
After you created your new group you can setup the managed object classes. If you specify any object classes then you will later be able to add/remove a complete set of attributes including their object classes.
Skipping the object classes field is only useful if you want to manage some attributes that are not yet supported by LAM but there is already a LAM module that manages the object class.
The group may look like when you edit a user.
Adding fields:
Now you can add a new field that manages an LDAP attribute. Simply fill the fields and press on "Add".
Please note that the field name cannot be changed later. It is the unique ID for this field.
Examples for fields and their representation:
Text field:
Text fields allow to specify a validation expression and error message.
You can also enable auto-completion. In this case LAM will search all accounts for the given attribute and provide auto-completion hints when the user edits this field. This should only be used if there is a limited number of different values for this attribute.
In case your field is a date value you can show a calendar for easy editing.
Example calendar formats:
dd.mm.yy: 31.12.2016
yy-mm-dd: 2016-12-31
d M, y: 31 Dec, 16
d MM, y: 31 December, 2016
Presentation:
Password field:
You can also manage custom password fields. LAM Pro will display two fields where the user must enter the same password. You can hash the password if needed.
Presentation:
Text area:
This adds a multi-line field. The options are similar to text fields. Additionally, you can set the size with the number of columns and rows.
Please note that the validation expression should be set to multi-line. This is done by adding "m" at the end.
Presentation:
Checkbox:
Sometimes you may want to allow only yes/no values for your LDAP attributes. This can be represented by a checkbox. You can specify the values for checked and unchecked. The default value is set if the LDAP attribute has no value.
Presentation:
Radio buttons:
This displays a list of radio buttons where the user can select one value.
You can specify a mapping of LDAP attribute values and their display (label) on the Self Service page. To add more mapping fields please press "Add more mapping fields".
Presentation:
Select list:
Select lists allow the user to select a value in a large list of options. The definition of the possible values and their display is similar to radio buttons.
You can also allow multiple values.
Presentation:
LDAP search select list
This is similar to "Select list" but the option are read from LDAP. You can use this to define e.g. a DN selection list. Multiple values are supported.
LDAP suffix: The LDAP DN that is used as starting point to search for LDAP entries.
LDAP filter: Only LDAP entries that match this filter will be used. If all entries should be used then use "(objectclass=*)".
Attribute name: The values of this attribute will be used to build the selection list.
Display attributes: List of attributes to show as label for the options in select box. Attribute wildcards are surrounded by "$", e.g. "$cn$" will be replaced by "cn" attribute. Default is "$dn$".
Presentation:
LDAP date
Use this for LDAP attributes with syntax "Generalized Time" (1.3.6.1.4.1.1466.115.121.1.24).
LAM will automatically set hour/minute/second to "0". If this is not intended please use type "LDAP date and time".
Presentation:
LAM will display a calendar to select the date.
LDAP date and time
Use this for LDAP attributes with syntax "Generalized Time" (1.3.6.1.4.1.1466.115.121.1.24).
LAM can convert the displayed value to the configured time zone of your server/self service profile. In this case, please activate "Display in local time".
Presentation:
LAM will display a calendar to select the date and time.
Constant value
This will set the attribute to a constant value. You can also specify wildcards to inject other attribute's values.
Wildcards:
%attribute%: attribute value
@attribute@: first character of attribute
?attribute?: first character of attribute in lower case
!attribute!: first character of attribute in upper case
??attribute??: attribute in lower case
!!attribute!!: attribute in upper case
((attribute)): space if attribute is set
§attribute|;§; attribute values separated by ";" (you can set other separators if you want)
Examples for attributes gn="Steve", sn="Miller" and memberUid=("user1", "user2") (specified value -> resulting LDAP value):
Table 4.3.
Constant value | Resulting LDAP value |
---|---|
my constant | my constant |
%gn% | Steve |
%gn%((gn))%sn% | Steve Miller (would be "Miller" if gn is empty) |
§memberUid|, § | user1, user2 |
Presentation:
The LDAP value will be shown as text.
File upload:
This is used for binary data. You can restrict uploaded data to a given file extension and set the maximum file size.
Presentation:
The uploaded data may also be downloaded via LAM.
The validation expressions follow the standard of Perl regular expressions. They start and end with a "/". The beginning of a line is specified by "^" and the end by "$".
Examples:
/^[a-z0-9]+$/ allows small letters and numbers. The value must not be empty ("+").
/^[a-z0-9]+$/i allows small and capital letters ("i" at the end means ignore case) and numbers. The value must not be empty ("+").
Special characters that must be escaped with "\": "\", ".", "(", ")"
E.g. /^[a-z0-9\.]$/i