Can someone provide an example of a string attributeFilter, when using the Link objects getEntitlements() method with Active Directory groups?
If I use ‘null’ it returns all the groups, but i’d like to know what the string looks like to filter. The full list are DNs of the AD groups on a Link object.
getEntitlements(java.util.Locale locale, java.lang.String attributeFilter)
Thanks.
The “attributeFilter” is simply the full name (or the prefix/starting sub-string) of an attribute in your Application’s account schema which represents an entitlement. For example, in a typical Active Directory Application account schema, the attribute “memberOf” represents an entitlement. However, there could be account schemas which have multiple attributes that represent entitlements (for example, the account schema could have the attributes “roles” and “groups”, and both would represent a different type of entitlement, and so calling getEntitlements(myLocale, “roles”), would only return the “role” type entitlements from the Link). If you pass in null as the attributeFilter, the method returns all entitlements, regardless of the attribute name they are related to.
Can you provide and example from this?
Application: Active Directory
Type:group
Attribute: memberOf
Value: CN=AppGroup,OU=General,OU=Security,OU=Internal,OU=Groups,DC=domain,DC=test,DC=com
I tried:
ents = link.getEntitlements(Locale.US, “memberOf==“CN=AppGroup,OU=General,OU=Security,OU=Internal,OU=Groups,DC=domain,DC=test,DC=com””);
but it didn’t work. “ents” list is empty.
The “attributeFilter” can only be the name of the attribute (or partial substring) from the account schema. It cannot have an entitlement value. For example, valid calls to this method could be:
ents = link.getEntitlements(Locale.US, “memberOf”);
ents = link.getEntitlements(Locale.US, “member”);
ents = link.getEntitlements(Locale.US, “mem”);