Diffstat (limited to 'idp/template-config/attribute-resolver.xml')
-rw-r--r--idp/template-config/attribute-resolver.xml43
1 files changed, 41 insertions, 2 deletions
diff --git a/idp/template-config/attribute-resolver.xml b/idp/template-config/attribute-resolver.xml
index e761920..1020fc4 100644
--- a/idp/template-config/attribute-resolver.xml
+++ b/idp/template-config/attribute-resolver.xml
@@ -106,8 +106,28 @@
</AttributeDefinition>
<!-- Schema: eduPerson attributes -->
- <AttributeDefinition id="memberOf" xsi:type="Simple" sourceAttributeID="memberOf">
- <Dependency ref="myLDAP" />
+
+ <AttributeDefinition id="mappedEduPersonEntitlement" xsi:type="Mapped" sourceAttributeID="memberOf" dependencyOnly="true">
+ <Dependency ref="myLDAPGROUPS" />
+ <ValueMap>
+ <ReturnValue>urn:x-ldapgroup:ndn-sysadmin</ReturnValue>
+ <SourceValue>cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net</SourceValue>
+ </ValueMap>
+ <ValueMap>
+ <ReturnValue>urn:x-ldapgroup:ndn-netadmin</ReturnValue>
+ <SourceValue>cn=ndn-netadmin,ou=groups,dc=nordu,dc=net</SourceValue>
+ </ValueMap>
+ <ValueMap>
+ <ReturnValue>urn:x-ldapgroup:ndn-secadmin</ReturnValue>
+ <SourceValue>cn=ndn-secadmin,ou=groups,dc=nordu,dc=net</SourceValue>
+ </ValueMap>
+ </AttributeDefinition>
+
+ <AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple" sourceAttributeID="staticeduPersonEntitlement">
+ <Dependency ref="mappedEduPersonEntitlement" />
+ <Dependency ref="staticAttributes" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
</AttributeDefinition>
<!-- Idp-Installer: the source for this attribute is from the database StoredId and no longer the classic computedID -->
<!--
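Review bot: The new `eduPersonEntitlement` definition reads `staticeduPersonEntitlement` from the `staticAttributes` connector, and a Static connector returns the same values for every principal. The values added in the last hunk, including `urn:mace:swami.se:gmai:sunet-baas:admin` and `urn:mace:swami.se:gmai:sunet-iaas:admin`, are therefore resolved for every user rather than only for members of a group. Unless the attribute filter policy (not visible here) withholds them, every authenticated user is asserted as an admin to relying parties that trust this entitlement. Privileged values would be safer as `ValueMap` entries in `mappedEduPersonEntitlement`, keyed on an LDAP group like the three `urn:x-ldapgroup:` ones, leaving only entitlements meant for everyone in the static list. A comment above the definition such as `<!-- merges group-derived and static entitlements; static values apply to ALL users -->` would make this visible to the next editor.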
@@ -180,6 +200,16 @@
]]>
</FilterTemplate>
</DataConnector>
+ <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory"
+ ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+ baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
+ <FilterTemplate>
+ <![CDATA[
+ %{idp.attribute.resolver.LDAP.searchFilter}
+ ]]>
+ </FilterTemplate>
+ <ReturnAttributes>memberOf</ReturnAttributes>
+ </DataConnector>
<DataConnector id="staticAttributes" xsi:type="Static">
<Attribute id="o">
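Review bot: The `myLDAPGROUPS` connector sets only `ldapURL` and `baseDN`, with no `principal`/`principalCredential` and no `useStartTLS` or trust settings. As written it appears to bind anonymously and to rely on the URL scheme alone for transport protection. Since its `memberOf` result decides which `urn:x-ldapgroup:` entitlements are issued, the lookup should use the same bind and TLS settings as the existing LDAP connector, whose definition lies above this hunk and is not visible here. If that connector uses the same search filter, adding `memberOf` to its `<ReturnAttributes>` and depending on it from `mappedEduPersonEntitlement` would avoid a second, separately configured connection.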
@@ -194,6 +224,15 @@
<Attribute id="norEduOrgAcronym">
<Value>NORDUNet</Value>
</Attribute>
+ <Attribute id="staticeduPersonEntitlement">
+ <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
+ <Value>urn:mace:terena.org:tcs:escience-user</Value>
+ <Value>urn:mace:terena.org:tcs:personal-user</Value>
+ <Value>urn:mace:rediris.es:entitlement:wiki:tfemc2</Value>
+ <Value>urn:mace:swami.se:gmai:sunet-baas:admin</Value>
+ <Value>urn:mace:swami.se:gmai:sunet-iaas:admin</Value>
+ <Value>urn:mace:swami.se:gmai:sunet-iaas:user</Value>
+ </Attribute>
</DataConnector>