oracle · robertpatrick · Jan 13, 2022 · Jan 13, 2022 · Jan 13, 2022
diff --git a/core/src/main/python/wlsdeploy/aliases/model_constants.py b/core/src/main/python/wlsdeploy/aliases/model_constants.py
@@ -298,6 +298,7 @@
 UNIX_MACHINE_ATTRIBUTE = 'PostBindGID'
 UPDATE_MODE = 'UpdateMode'
 USER = 'User'
+USER_ATTRIBUTES = 'UserAttribute'
 VIRTUAL_TARGET = 'VirtualTarget'
 VIRTUAL_USER_AUTHENTICATOR = 'VirtualUserAuthenticator'
 WATCH = 'Watch'

diff --git a/core/src/main/python/wlsdeploy/tool/util/default_authenticator_helper.py b/core/src/main/python/wlsdeploy/tool/util/default_authenticator_helper.py
@@ -1,5 +1,5 @@
 """
-Copyright (c) 2021, Oracle Corporation and/or its affiliates.
+Copyright (c) 2021, 2022, Oracle Corporation and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 import com.octetstring.vde.util.PasswordEncryptor as PasswordEncryptor
@@ -15,6 +15,7 @@
 from wlsdeploy.aliases.model_constants import GROUP_MEMBER_OF
 from wlsdeploy.aliases.model_constants import PASSWORD
 from wlsdeploy.aliases.model_constants import USER
+from wlsdeploy.aliases.model_constants import USER_ATTRIBUTES
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.util.targets import file_template_helper
@@ -33,6 +34,8 @@
 HASH_GROUPS = 'groups'
 HASH_GROUP = 'groupMemberOf'
 HASH_USER_PASSWORD = 'password'
+HASH_ATTRIBUTES = 'userattr'
+HASH_ATTRIBUTE = 'attribute'
 
 
 class DefaultAuthenticatorHelper(object):
@@ -121,6 +124,23 @@ def _build_group_mapping_hash(self, group_mapping_section, name):
 
         return hash_entry
 
+    def _user_attributes(self, user_mapping_section, user_attributes):
+        """
+        Build a template hash map from the user attributes found under the
+        user attribute folder in the model.
+        :param user_mapping_section: The security user section from the model
+        :param name: user_attributes model section
+        :return: template
+        """
+        hash_entry = list()
+        if len(user_attributes) == 0:
+           return
+
+        for attribute in user_attributes:
+            hash_entry.append({HASH_ATTRIBUTE: attribute + ': ' + user_attributes[attribute]})
+
+        return hash_entry
+
     def _build_user_mapping_hash(self, user_mapping_section, name):
         """
         Build a template hash map from the security user data from the model.
@@ -148,7 +168,10 @@ def _build_user_mapping_hash(self, user_mapping_section, name):
             hash_entry[HASH_GROUPS] = group_mappings
         else:
             hash_entry[HASH_GROUPS] = group_list
-
+        attribute_folder = dictionary_utils.get_element(group_attributes, USER_ATTRIBUTES)
+        dict_hash = self._user_attributes(user_mapping_section, attribute_folder)
+        if len(dict_hash) > 0:
+            hash_entry[HASH_ATTRIBUTES] = dict_hash
         return hash_entry
 
     def _encode_password(self, user, password):

diff --git a/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/Security.json b/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/Security.json
@@ -1,5 +1,5 @@
 {
-    "copyright": "Copyright (c) 2017, 2020, Oracle Corporation and/or its affiliates.  All rights reserved.",
+    "copyright": "Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates.  All rights reserved.",
     "license": "Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl",
     "wlst_type": "Security",
     "default_name_value": "%DOMAIN%",
@@ -21,13 +21,45 @@
         "User": {
             "wlst_type": "User",
             "child_folders_type": "multiple",
-            "folders": { },
+            "folders": {
+                "UserAttribute": {
+                    "wlst_type": "UserAttribute",
+                    "default_name_value": "${NO_NAME_0:%USER%}",
+                    "folders": {},
+                    "attributes": {
+                        "c":                         [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "c",                        "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "departmentnumber":          [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "departmentnumber",         "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "displayname":               [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "displayname",              "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "employeenumber":            [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "employeenumber",           "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "employeetype":              [  {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "employeetype",            "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "facsimiletelephonenumber":  [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "facsimiletelephonenumber", "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "givenname":                 [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "givenname",                "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "homephone":                 [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "homephone",                "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "homepostaladdress":         [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "homepostaladdress",        "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "l":                         [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "l",                        "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "mail":                      [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "mail",                     "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "mobile":                    [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "mobile",                   "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "pager":                     [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "pager",                    "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "postaladdress":             [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "postaladdress",            "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "postofficebox":             [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "postofficebox",            "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "preferredlanguage":         [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "preferredlanguage",        "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "st":                        [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "st",                       "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "street":                    [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "street",                   "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "telephonenumber":           [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "telephonenumber",          "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                        "title":                     [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "title",                    "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ]
+                    },
+                    "wlst_attributes_path": "WP001",
+                    "wlst_paths": {
+                        "WP001": "/Security/%SECURITY%/User/%USER%/UserAttribute/%USERATTRIBUTE%"
+                    }
+                }
+            },
             "attributes": {
-                "Description":    [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Description",    "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
-                "GroupMemberOf":  [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "GroupMemberOf",  "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "delimited_string", "get_method": "NONE" } ],
-                "IsDefaultAdmin": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "IsDefaultAdmin", "wlst_path": "WP001", "value": {"default": false  }, "wlst_type": "boolean",          "get_method": "NONE" } ],
-                "Name":           [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Name",           "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
-                "Password":       [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Password",       "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "password",         "get_method": "NONE" } ]
+                "Description":               [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Description",              "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                "GroupMemberOf":             [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "GroupMemberOf",            "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "delimited_string", "get_method": "NONE" } ],
+                "IsDefaultAdmin":            [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "IsDefaultAdmin",           "wlst_path": "WP001", "value": {"default": false  }, "wlst_type": "boolean",          "get_method": "NONE" } ],
+                "Name":                      [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Name",                     "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "string",           "get_method": "NONE" } ],
+                "Password":                  [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Password",                 "wlst_path": "WP001", "value": {"default": "None" }, "wlst_type": "password",         "get_method": "NONE" } ]
             },
             "wlst_attributes_path": "WP001",
             "wlst_paths": {

diff --git a/core/src/main/resources/oracle/weblogic/deploy/security/DefaultAuthenticatorInit.ldift b/core/src/main/resources/oracle/weblogic/deploy/security/DefaultAuthenticatorInit.ldift
@@ -27,4 +27,7 @@ objectclass: wlsUser
 {{#groups}}
 wlsMemberOf: cn={{{groupMemberOf}}},ou=groups,ou=@realm@,dc=@domain@
 {{/groups}}
+{{#userattr}}
+{{{attribute}}}
+{{/userattr}}
 {{/user}}
diff --git a/documentation/2.0/content/samples/usersgroups-model.md b/documentation/2.0/content/samples/usersgroups-model.md
@@ -39,6 +39,7 @@ The model allows for the definition of a set of users and groups that will be lo
 
 The user password can be specified with a placeholder or encrypted with the [Encrypt Tool]({{< relref "/userguide/tools/encrypt.md" >}}). An example `Security` section that adds an additional group `AppMonitors`, adds two new users and places the users into groups is as follows:
 
+You can add user attributes that are defined for the DefaultAuthenticator. This is a limited set of attributes that go under a separate folder `UserAttribute` in the model under the `User` section.
 ```yaml
 topology:
   Security:
@@ -52,6 +53,8 @@ topology:
       joe:
          Password: welcome1
          GroupMemberOf: [ AppMonitors ]
+         UserAttribute:
+             mail: joe@mycompany.com
 ```
 
 #### Known limitations