

LoginControl DataObject

LoginControl enables multiple principal name authentication.

LoginControl extends from SearchControl.

The structure of a LoginControl data object consists of:

properties

specifies the properties you want returned from the principal entity that has been successfully authenticated.

searchBases

specifies the search bases used to limit the authentication scope to those bases specified in the list.

mappedProperties

specifies the principal names that are mapped to existing virtual member manager properties. Authenticating multiple principal names against one account enables a SimpleLDAPAccount to be backward compatible with the WAS LDAPRegistry implementation. For example, if you specify mail and employeeId in mappedProperties, virtual member manager constructs a filter that uses both properties in the search: (&(|(mail=<principalName value>)(employeeId=<principalName value>))(objectclass=inetOrgPerson))
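The filter described for mappedProperties, modelled in Python as an added example (not IBM's code or the virtual member manager implementation): it builds the same OR filter with RFC 4515 escaping applied to the principal name, and checks a constructed directory for a value that matches more than one account. The function names and the sample entries are assumptions made for this example.

```python
import re

# RFC 4515 section 3: characters written as \XX inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Assumption: mapped properties are plain attribute names (letters, digits, hyphen).
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape LDAP filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(mapped_properties, principal_name, object_class="inetOrgPerson"):
    """Build the OR-of-mapped-properties filter from the page's example."""
    if not mapped_properties or not principal_name:
        raise ValueError("need at least one mapped property and a principal name")
    for name in mapped_properties:
        if not _ATTR_NAME.fullmatch(name):
            raise ValueError(f"not a plain attribute name: {name!r}")
    value = escape_filter_value(principal_name)
    terms = "".join(f"({name}={value})" for name in mapped_properties)
    return f"(&(|{terms})(objectclass={object_class}))"


def matching_dns(entries, mapped_properties, principal_name):
    """DNs where any mapped property equals principal_name (case-insensitive)."""
    wanted = principal_name.lower()
    return [dn for dn, attrs in entries.items()
            if any(attrs.get(p, "").lower() == wanted for p in mapped_properties)]


# Constructed sample directory: ann's mail value collides with joe's employeeId.
SAMPLE_ENTRIES = {
    "uid=joe,ou=department1,dc=yourco,dc=com":
        {"mail": "joe@yourco.com", "employeeId": "10042"},
    "uid=ann,ou=department1,dc=yourco,dc=com":
        {"mail": "10042", "employeeId": "10043"},
}

if __name__ == "__main__":
    props = ["mail", "employeeId"]
    print(build_login_filter(props, "joe@yourco.com"))
    print(build_login_filter(props, "*"))  # wildcard is escaped, not expanded
    print(matching_dns(SAMPLE_ENTRIES, props, "10042"))  # two DNs: ambiguous login
```

A login flow that maps several properties can treat more than one matching DN as a failed authentication instead of picking the first result.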


XML schema definition

The following is the XML schema definition for the LoginControl DataObject:

<xsd:complexType name="LoginControl">
  <xsd:complexContent>
    <xsd:extension base="SearchControl">
      <xsd:sequence>
        <xsd:element name="mappedProperties" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>


Sample data object

The following is a sample LoginControl data object used in the login API. It requests authentication using the mail and employeeId properties within the scope ou=department1,dc=yourco,dc=com and, if successful, returns the uid, cn, and principalName properties of the person.

<wim:controls xsi:type="wim:LoginControl">
  <searchBases>ou=department1,dc=yourco,dc=com</searchBases>
  <wim:properties>uid</wim:properties>
  <wim:properties>cn</wim:properties>
  <wim:properties>principalName</wim:properties>
</wim:controls>

If you define multiple login properties, the first login property is programmatically mapped to the federated repositories principalName property. For example, if you set uid;mail as the login properties, the LDAP attribute uid is mapped to the federated repositories principalName property. After login, the first login property is also returned as the value of the principalName property. For example, if you pass the principalName value joe@yourco.com and the login properties are configured as uid;mail, the principalName is returned as joe.
