LoginControl DataObject

LoginControl enables multiple principal name authentication.

LoginControl extends from SearchControl.

The structure of a LoginControl data object consists of:
properties
specifies the properties you want returned from the principal entity that has been successfully authenticated.
searchBases
specifies the search bases used to limit the authentication scope to those bases specified in the list.
mappedProperties
specifies the principal names that are mapped to existing virtual member manager properties. Authenticating with multiple principal names against one account enables a SimpleLDAPAccount to be backwards compatible with the WebSphere Application Server LDAPRegistry implementation. For example, if you specify mail and employeeId in mappedProperties, virtual member manager constructs a filter that uses both properties in the search: (&(|(mail=<principalName value>)(employeeId=<principalName value>))(objectclass=inetOrgPerson))
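
The filter shape described for mappedProperties, as an added example that is not virtual member manager code: it builds the same OR-over-properties filter and escapes the principal name per RFC 4515 so that the value cannot change the filter's structure. The function names are hypothetical, and how virtual member manager itself escapes the value is not stated on this page.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Attribute names come from configuration (mappedProperties), not from the user,
# but they are still checked so a bad entry cannot inject filter syntax.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(principal_name, mapped_properties,
                       object_class="inetOrgPerson"):
    """Return (&(|(p1=v)(p2=v)...)(objectclass=...)) for one principal name.

    Hypothetical helper: mirrors the filter shape shown in the text above.
    """
    if not principal_name:
        raise ValueError("principal name must not be empty")
    if not mapped_properties:
        raise ValueError("at least one mapped property is required")
    for prop in mapped_properties:
        if not _ATTR_NAME.fullmatch(prop):
            raise ValueError("invalid attribute name: %r" % prop)
    if not _ATTR_NAME.fullmatch(object_class):
        raise ValueError("invalid object class: %r" % object_class)

    value = escape_filter_value(principal_name)
    alternatives = "".join("(%s=%s)" % (prop, value) for prop in mapped_properties)
    return "(&(|%s)(objectclass=%s))" % (alternatives, object_class)


if __name__ == "__main__":
    props = ["mail", "employeeId"]  # the mappedProperties from the text
    # Constructed sample inputs: an ordinary name, a wildcard, and a value
    # containing filter metacharacters.
    for name in ["jdoe@yourco.com", "*", "a)(uid=*"]:
        print("%-18r -> %s" % (name, build_login_filter(name, props)))
```

With escaping in place, a principal name of `*` is searched as a literal asterisk instead of matching every entry that has a mail or employeeId value.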

XML schema definition

The following is the XML schema definition for the LoginControl DataObject:
<xsd:complexType name="LoginControl">
 <xsd:complexContent>
  <xsd:extension base="SearchControl">
   <xsd:sequence>
    <xsd:element name="mappedProperties" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
   </xsd:sequence>
  </xsd:extension>
 </xsd:complexContent>
</xsd:complexType>

Sample data object

The following is a sample LoginControl data object used in the login API. It requests authentication using the mail and employeeId properties within the scope ou=department1,dc=yourco,dc=com and, if successful, returns the person's uid and sn properties.
<wim:controls xsi:type="wim:LoginControl">
      <searchBases>ou=department1,dc=yourco,dc=com</searchBases>
      <wim:properties>uid</wim:properties>
      <wim:properties>cn</wim:properties>
      <wim:properties>principalName</wim:properties>
</wim:controls>
(C) Copyright IBM Corporation 2005. All Rights Reserved.
IBM virtual member manager 6.1