Major Description
When automatically creating groups with the dynamic roles feature, it is sometimes desirable to keep tabs on them and add these groups to some fields.
For instance, for `XWiki.Prj_` groups dynamically created from project_ roles, we may want to add them in an ldap_group_mapping field in XWiki Preferences like this:
XWiki.Prj_1=cn=project_1,ou=users,dc=xwiki,dc=com|XWiki.Prj_2=cn=project_2,ou=users,dc=xwiki,dc=com|XWiki.Prj_3=cn=project_3,ou=users,dc=xwiki,dc=com|XWiki.EmployeeType_other=cn=employeetype_other,ou=users,dc=xwiki,dc=com|XWiki.EmployeeType_other=cn=employeetype_XXX,ou=users,dc=xwiki,dc=com|XWiki.EmployeeType_XXX=cn=employeetype_XXX,ou=users,dc=xwiki,dc=com{}
Given a configuration like:
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.page=XWiki.XWikiPreferences
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.className=XWiki.XWikiPreferences
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.objectNumber=0
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.propertyName=ldap_group_mapping
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.separator=|
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.valueRegex=^(?<group>[^=]+)=
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.value={group}=cn={role},ou=users,dc=xwiki,dc=com{}
The above could be achieved with a configuration like this:
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.page=XWiki.XWikiPreferences
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.className=XWiki.XWikiPreferences
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.objectNumber=0
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.propertyName=ldap_group_mapping
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.separator=|
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.valueRegex=^(?<group>[^=])=.
xwiki.authentication.trusted.dynamicRole.configuration.project.addGroupToField.value={group.fullName}=cn={role},ou=users,dc=xwiki,dc=com
Description of each configuration fields to add:
addGroupToField.page = The document in which to add the value
addGroupToField.className (optional) = The class name of the object to use. If not given, the first object with the given property name will be used.
addGroupToField.objectNumber (optional) = The object number to use. If not specified, the first object of the given class name will be used.
addGroupToField.propertyName = The name of the property (field) to use.
addGroupToField.separator (optional) = The string that separates the values in this field. By default, a pipe character (|)
addGroupToField.valueRegex (optional) = The regex that will be used to match values. If there is a group named capture group is used, the matched part will be compared to / matched with the group being added. If there is a role named capture group is used, the role will be matched. By default, ^(?<group>[^=]+)=[\s\S]* is used. This means that values beginning with the name of the group being created, immediately followed by an equal sign, will be matched.
addGroupToField.valueFormat(optional) = the format of the value to add. {{
{group.fullName}}} is replaced with the full group name (e.g. XWiki.Project_1) without the wiki part, {group.name} is replaced with the base name (e.g. Project_1), {group} is replaced with the full reference including the wiki name (e.g. xwiki:XWiki.Project_1), {role} is replaced with the role. The backslash is an escape character which can be escaped with itself. By default, {{{group.fullName}={role}}} is used.
A configuration common to all dynamic role configurations can be used: xwiki.authentication.trusted.dynamicRole.addGroupToField. Specific configurations will override this one.