Reference Guide › DSA Commands (DXserver Commands) › Commands Reference › set view Command—Define a View

set view Command—Define a View

To define a view to the DSA, you use the set view command.

The syntax of the command is as follows:

set view viewName = {

description="description"
entry = ViewDN 
[options = [collapse-result | collapse-result-under-entry]

[, remap-originator] [, view-entry-access-controls] ]

(phase=1 

subtree = phaseDN
[scope = {subtree | base | one-level}]
[filter = phaseFilter]
[eis = attributeName [,attributeName]...]
[allow-attr = allowAttribute pllow-target= allowTarget]
[prune-attr = pruneAttribute prune-target=pruneTarget]
[options = [ignore-from-result] [result-required] [prune-from-result]]

)
[ if (condition) |

else if (condition) |
else

[ { ]
[,phase=2 

subtree = phase_DN
[scope = {subtree | base | one-level}]
[filter = phaseFilter]
[eis = attributeName [as mappedAttr] [,attributeName]...]
[allow-attr = allowAttributeList allow-target= allowTarget]
[prune-attr = pruneAttributeList prune-target=pruneTargetList]
[merge-dn-attr]
[options = [ignore-from-result] [,result-required] [,prune-from-result] [,collapse-target]]

)
[ } ]
...]

}

• viewName

  Defines the name that the DSA command interpreter uses to identify the view. If the name contains spaces or non-alphanumeric characters, then it must be enclosed in quotes.

• description = "description"

  Describes the view. The description is any text string enclosed in quotes.

• entry = ViewDN

  Defines the DN of the view in LDAP format. The view is invoked by a request with this DN as the base.

• collapse-result

  (Optional) Specifies that the view will merge all the results into one entry, which is the base-object of the search request invoking the view. The view will return multiple entries if phase one returns multiple entries.

• collapse-result-under-entry

  (Optional) Specifies that the view will merge all the results into one entry, which is the entry DN returned by the phase one search. If the phase one search returns multiple entries then the view will be applied to each entry independently and multiple collapsed entries will be returned.

• remap-originator

  (Optional) Specifies that the originator, and hence access controls, are applied to the bind DN which is a virtual entry when binding to a view using a DN returned by a previous search with the 'collapse-result-under-entry'. The remap-originator option re-maps the originator to the underlying phase 1 entry allowing existing ACIs to be used.

• view-entry-access-controls

  (Optional) Specifies that temporary access to some sections of the view that are not visible to the user invoking the view are allowed. Use this in conjunction with 'trust-dsa-triggered-operations'. This works by ignoring access controls while the view searches are invoked and post-applying the access controls before the result is returned.

• if (condition)

  Specifies conditional views that must be met before the phase is performed. The conditional "if" and "else if" accept a view parameter a = (equals) or != (not equals) and a regular expression. The value substituted for the view parameter is compared to the regular expression.

• phase = phaseNum

  Specifies the phase number.

  A phase is a directory search within a view. A phase can use the results of previous phases in the same invocation of the view.

  Each phase must be given a number, starting at one and incrementing by one for each subsequent phase.

  Phase includes the following parameters:

  • subtree = phaseDN

    Defines the DN that is the start of the phase in LDAP format. The DN can also be constructed from view parameters.

  • eis = attributeName [as mappedAttr] [,attributeName]...

    (Optional) Defines the attributes that will be returned. Attribute names are separated by commas.

    If the search request that invoked the view specified an attribute name to be returned, then this field is ignored.

    • If eis is specified, then the phase returns only the specified attributes, plus any attributes referenced as parameters in later phases.
    • If eis is not specified, then all information items are returned.

    attributeName follows the syntax for views parameters.

    as mappedAttr returns the attribute returned by the view search using this attribute. This is useful if the underlying data has naming conflicts.

    Note: The syntax for both the attribute being returned and the mapped attribute should be identical.

  • scope = {subtree | base | one-level}

    (Optional) Defines the scope of the search for the specified phase. The scope is one of the following:

    • subtree - (Default) Search the entire subtree
    • base - Search will be base object only
    • one-level - Search will be one level only
  • filter = phaseFilter

    (Optional) Defines the LDAP filter that the phase uses for its search. Any item in the filter specification can include views parameters.

    If the scope of the search that invokes the view is base object, then filter is ignored.

    If the scope is base or one-level, then filter is optional. If the scope is subtree, then filter is required.

  • allow-attr = allowAttributeList

    (Optional) Specifies the attributes that will be included in a phase result.

    allowAttributeList follows the syntax for views parameters.

    Specifies the attribute name whose value is appended to the list of attribute values in allow-target

  • allow-target = allowTarget

    (Optional) Specifies the views parameter to take the value in allow-attr. If allow-target does not exist it is created when the first allow-attr is returned.

    allowTarget follows the syntax for views parameters.

    allow-target is used only with the allow-attr option.

  • prune-attr = pruneAttributeList

    (Optional) Specifies the attributes that will be removed from a phase result.

    pruneAttributeList follows the syntax for views parameters.

    prune-attr is used only with the prune-target option.

  • prune-target = pruneTargetList

    (Optional) Specifies the views parameter whose value is compared to the value of the attribute in prune-attr. If the two values match, then the attribute entry is removed from the result. Otherwise, the attribute entry is included in the result.

    pruneTargetList follows the syntax for views parameters.

    prune-target is used only with the prune-attr option.

  • merge-dn-attr

    (Optional) Specifies the attribute of DN syntax that each DN of the current phase result will be returned under. For example, it is often useful to return the groups a user is a member of with the user's entry. If this is set to memberOf, the phase subtree is where the groups are stored and the filter = "member = $1:dn".

  • Options = [ignore-from-result] [result-required] [prune-from-result] [collapse-target]

    (Optional) Specifies a comma-separated list of processing that the phase should perform before it returns the results to the view. Possible options are as follows:

    • ignore-from-result

      Specifies that the phase should return only those attributes whose values are referenced as parameters in later phases.

    • prune-from-result

      Specifies that the phase should return only the DN and not return any attributes at all.

    • result-required

      Specifies that the DSA should check if an attribute is referenced as a parameter in later phases does exist. If not, then the DSA aborts the search and raises an alarm.

    • collapse-target (requires view option collapse-result-under-view-entry)

      Instead of collapsing the view results under the entry specified by phase 1, this option allows for the view to be collapsed under a later phase. An error will occur if the later phase search returns multiple entries.