Active Directory属性存储：需要自定义声明规则才能访问其他属性？ [英] Active Directory attribute store: Require custom claim rule to access other attributes?

问题描述

大家好，

我是AD FS的新人，我有一个问题。 我注意到，当您设置声明规则时，您可以选择Active Directory作为属性存储，这真的很棒。 当我选择Active Directory作为属性存储时，在"将
LDAP属性映射到传出声明类型："上，对于LDAP属性下的下拉列表 - 我得到一个大约23个左右属性的列表。  如果我想从AD用户记录中获取未在此列表中显示的属性（该属性位于Active Directory
但未显示在LDAP属性下的下拉列表中），那么我唯一的选择是创建自定义声明规则（即使用声明规则语言并映射出我要映射的属性）。

I'm a new guy to AD FS and I have a question.  I notice that when you setup a Claim Rule, you can select Active Directory as a Attribute Store which is really awesome.  When I select Active Directory to be the Attribute store, on the "Mapping of LDAP attributes to outgoing claim types:", for the dropdown list under LDAP Attribute - I get a list of about 23 or so attributes.  If I want to grab an attribute from the AD user record that does not show on this list (the attribute is in Active Directory but does not show up in the drop down list under LDAP Attributes), is my only option is to create a custom claim rule (i.e., use the Claim Rule Language and map out the attribute(s) I want to map).

提前致谢。

 

推荐答案

因此您需要使用自定义规则。本文提到了语法：
http://technet.microsoft.com/en-us/library/adfs2-help-attribute-stores(WS.10).aspx 。

其他文章显示了示例：
http：// technet。 microsoft.com/en-us/library/ff678048(WS.10).aspx 。我想我已经看到了一个使用OID而不是命名空间用于不同AD属性的示例，这里是带有OID示例的链接：

http： //blogs.msdn.com/b/card/archive/2010/06/21/a-quick-walkthrough-setting-up-ad-fs-saml-federation-with-a-shibboleth-sp.aspx。

This other article shows examples: http://technet.microsoft.com/en-us/library/ff678048(WS.10).aspx. I think I have seen an example using an OID rather than a namespace for a different AD attribute, here is the link with the OID examples: http://blogs.msdn.com/b/card/archive/2010/06/21/a-quick-walkthrough-setting-up-ad-fs-saml-federation-with-a-shibboleth-sp.aspx.

谢谢，

这篇关于Active Directory属性存储：需要自定义声明规则才能访问其他属性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！