LDAPSearchFilter

Configuration for searching the user registry to find user information for authentication purposes.



 

Attributes Summary

userFilter An LDAP filter clause for searching the registry for users.
groupFilter An LDAP filter clause for searching the registry for groups.
userIdMap An LDAP filter that maps the short name of a user to an LDAP entry.
groupIdMap An LDAP filter that maps the short name of a group to an LDAP entry.
groupMemberIdMap An LDAP filter that identifies User to Groups memberships.
certificateMapMode Whether to map X.
certificateFilter If you specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.

 

Attribute Details


userFilter

An LDAP filter clause for searching the registry for users. It is typically used for Security Role to User assignment. It specifies the property by which to look up users in the directory service. For example, to look up users based on their user IDs, specify (ampersand(uid=%v)(objectclass=inetOrgPerson) where ampersand is the ampersand symbol.

Data type:   String
Default value:   unspecified



groupFilter

An LDAP filter clause for searching the registry for groups. It is typically used for Security Role to Group assignment. It specifies the property by which to look up groups in the directory service.

Data type:   String
Default value:   unspecified



userIdMap

An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the piece of information that should represent users when users are displayed. For example, to display entries of the type object class = inetOrgPerson by their IDs, specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited by a semicolon (";").

Data type:   String
Default value:   unspecified



groupIdMap

An LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that should represent groups when groups are displayed. For example, to display groups by their names, specify *:cn. The * is a wildcard character that searches on any object class in this case. This field takes multiple objectclass:property pairs delimited by a semicolon (";").

Data type:   String
Default value:   unspecified



groupMemberIdMap

An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";").

Data type:   String
Default value:   unspecified



certificateMapMode

Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping.

Data type:  CertificateMapMode
Default value:   unspecified
Allowed Values:  EXACT_DN   CERTIFICATE_FILTER  



certificateFilter

If you specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.

Data type:   String
Default value:   unspecified