Directory Server, Version 6.1

---

 

Working with directory entries

Expand the Directory management category in the navigation area of the Web Administration Tool. All the directory entry tasks that you want to perform can be accessed by selecting Manage entries. Two short cuts have been added to the navigation area for the specific tasks of adding an entry and finding (searching for) entries

We can perform the following operations with directory entries:

• Browse the directory tree

• Add or remove an entry

• Add or remove an auxiliary object class to an entry

• Edit the attributes of an entry

• Copy an entry

• Manage members

• Manage memberships

• Edit ACLs

• Search for entries

 

Browsing the tree

If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. The Manage entries table displays the following column information:

Select

Select the radio button next to the name of an attribute you want to view, edit, copy or delete.

Expand

Indicates an expandable entry. An expandable entry is an entry that has child entries.

Note:

It is possible that even though the + sign is present, you still might not see any child entries, as ACLs do not permit a user to see child entries.

RDN

Displays the relative distinguished name (RDN) of the entry.

Object class

Displays the object classes of the entry.

Created

Lists the date the entry was created.

Modified

Lists the date the entry was last modified.

Modified by

Lists the identity of the person who last modified the entry.

Select a subtree and click Expand to view the next lower level in the subtree. We can click Collapse/Go to to move one level back up the subtree hierarchy. We can also click Find to locate the entry you want to work on (see Searching the directory entries). After you have located the level for the entry that you want to work on, select it and choose the operation you want to perform from tool bar or the Select action drop-down menu.

 

Adding an entry

 

Using Web Administration

If you have not done so already, expand the Directory management category in the navigation area.

1. Click Add an entry.

2. Select a filter object class from the drop-down menu and click Refresh.

3. Select one Structural object class from the list box.

4. Click Next.

5. Select a filter object class from the drop-down menu and click Refresh.

6. Select any Auxiliary object classes you wish to use from the Available box and click Add. Repeat this process for each auxiliary object class you want to add. We can also delete an auxiliary object class from the Selected box by selecting it and clicking Remove.

7. Click Next.

8. In the Relative DN field, enter the relative distinguished name (RDN) of the entry that you are adding, for example, cn=John Doe.

9. In the Parent DN field, enter the distinguished name of the tree entry you selected, for example, ou=Austin, o=IBM. We can also click Browse to select the Parent DN from the list. We can also expand the selection to view other choices lower in the subtree. Specify the your choice and click Select to specify the Parent DN that you want. The Parent DN defaults to the entry selected in the tree.
   Note:

   If you started this task from the Manage entries panel, this field is prefilled for you. You selected the Parent DN before clicking Add to start the add entry process. However, if your server supports the modifyDN operation (starting with IBM® Tivoli® Directory Server version 6.0), the field is still modifiable if the entry is a leaf node. That is, if it has no entries below it, we can move the entry to another parent DN entry.

10. At the Required attributes tab enter the values for the required attributes.
    Notes:

    1. If the attribute is multi-valued and you want to add more than one value for a particular attribute, click Multiple values. See Multiple values for attributes.

    2. If an attribute requires binary data, click Binary data. See Binary data for attributes

    3. If your server has language tags enabled, click Language tag value to add or remove language tag descriptors. See Language tags and Language tag values for attributes for more information.

    4. If an attribute contains referrals, click Manage referral. See Referrals and Creating default referrals for more information.

11. Click Optional attributes.

12. At the Optional attributes tab enter the values as appropriate for the other attributes.

13. Click Finish to create the entry.

14. After successfully adding an entry, you will be prompted to add a similar entry. To add a similar entry, click Yes.To exit and return to the Manage entries panel, click No.

 

Using the command line

Issue the command:

idsldapadd -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

dn: cn=John Doe, ou=Austin, o=IBM 
cn: John Doe 
objectclass: inetOrgPerson 
objectclass: organizationalPerson 
objectclass: person 
objectclass: top 
sn: Doe

 

Multiple values for attributes

If the attribute supports multiple values and you want to add more than one value for a particular attribute:

1. Click Multiple values.

2. Supply the additional value for the attribute.

3. Click Add.

4. Repeat this for each additional value.

5. When you are finished click OK.

The values are added to a drop-down menu displayed below the attribute.

If the attribute supports multiple values and you want to remove one or more values for a particular attribute:

1. Click Multiple values.

2. Select the value you want to remove.

3. Click Remove.

4. Repeat this for each additional value that you want to remove.

5. When you are finished click OK.

The values are removed from the drop-down menu displayed below the attribute. The drop-down menu displays the remaining values. If only one value on no values are assigned to the value, the drop-down menu is no longer displayed.

Note:

If you select a language value tag in the Display with language tags menu, then any attribute you add or remove is associated with that language tag. See Language tag values for attributes for more information about adding language tag values.

 

Binary data for attributes

 

Using Web Administration

If an attribute requires binary data, a Binary data button is displayed next to the attribute field. If the attribute has no data the field is blank. Because binary attributes cannot be displayed, if an attribute contains binary data, the field displays Binary data 1. If the attribute contains multiple values, the field displays as a drop-down list.

Click the Binary data button to work with binary attributes.

We can import, export or remove binary data.

To add binary data to the attribute:

1. Click the Binary data button.

2. Click Import.

3. We can either enter the path name for the file you want or click Browse to locate and select the binary file.

4. Click Submit file. A File uploaded message is displayed.

5. Click Close. Binary data 1 is now displayed in the table under Binary data entries.

6. Repeat the import process (steps 2 through 5) for as many binary files as you want to add. The subsequent entries are listed as Binary data 2, Binary data 3, and so on.

7. When you are finished adding binary data, click OK.

After the first binary data file has been imported, we can perform two additional operations tp export or remove the binary data.

To export binary data:

1. If you have not already done so, click the Binary data button.

2. Select the binary file you want to export.

3. Click Export.

4. Click on the link Binary data to download.

5. Follow the directions of your wizard to either display the binary file or to save it to a new location.

6. Click Close.

7. Repeat the import process for as many binary files as you want to export.

8. When you are finished exporting data, click OK.

To remove binary data:

1. If you have not already done so, click the Binary data button.

2. Check the binary data file you want to remove. For this task multiple files can be selected.

3. Click Delete.

4. When you are prompted to confirm the deletion, click OK. The binary data marked for deletion are removed from the list.

5. When you are finished deleting data, click OK.

Note:

Binary attributes are not searchable.

 

Using the command line

Issue the command:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM 
changetype: modify 
add: jpegphoto 
jpegphoto:< file:///usr/local/directory/photos/Bob.jpg

 

Language tags

Notes:

1. For language tags to work correctly, your database must be configured as a UTF-8 database.

2. After enabling the language tag feature, if you associate language tags with the attributes of an entry, the server returns the entry with the language tags. This occurs even if you later disable the language tag feature. Because the behavior of the server might not be what the application is expecting, to avoid potential problems, do not disable the language tag feature after it has been enabled.

The term, language tags, defines a mechanism that enables the directory to associate natural language codes with values held in a directory and enables clients to query the directory for values that meet certain natural language requirements. The language tag is a component of an attribute description. The language tag is a string with the prefix lang-, a primary subtag of alphabetic characters and, optionally, subsequent subtags connected by a hyphen (-). The subsequent subtags can be any combination of alphanumeric characters, only the primary subtag needs to be alphabetic. The subtags can be any length, the only limitation is that the total length of the tag cannot exceed 240 characters. Language tags are case insensitive; en-us and en-US and EN-US are identical. Language tags are not allowed in components of DN or RDN. Only one language tag per attribute description is allowed.

Note:

On a per attribute basis, language tags are mutually exclusive with unique attributes. If you have designated a particular attribute as being a unique attribute, it cannot have language tags associated with it.

If language tags are included when data is added to a directory, they can be used with search operations to selectively retrieve attribute values in specific languages. If a language tag is provided in an attribute description within the requested attribute list of a search, then only attribute values in a directory entry which have the same language tag as that provided are to be returned. Thus for a search like:

idsldapsearch -b "o=sample" (objectclass=organization) description;lang-en

the server returns values of an attribute "description;lang-en", but does not return values of an attribute "description" or "description;lang-fr".

If a request is made specifying an attribute without providing a language tag, then all attribute values regardless of their language tag are returned.

The attribute type and the language tag are separated with a semicolon (;) character.

Note:

RFC2252 allows the semicolon character to be used in the "NAME" part of an AttributeType. However, because this character is being used to separate the AttributeType from the language tag, its usage in the "NAME" part of an AttributeType is no longer permitted as specified in draft-ietf-ldapbis-models-07.txt.

For example, if the client requests a "description" attribute, and a matching entry contains:

objectclass: top
objectclass: organization
o: Software GmbH
description: software
description;lang-en: software products
description;lang-de: Softwareprodukte
postalAddress: Berlin 8001 Germany
postalAddress;lang-de: Berlin 8001 Deutschland

the server returns:

description: software
description;lang-en: software products
description;lang-de: Softwareprodukte

If the search requests a "description;lang-de" attribute, then the server returns:

description;lang-de: Softwareprodukte

This type of server processing enables directories that contain multi-lingual data to support clients that operate in various languages. If an application is implemented correctly, the German client sees data entered for the lang-de attribute only, and the French client sees data entered for the lang-fr attribute only.

To determine whether the language tag feature is enabled, issue a root DSE search specifing the attribute "ibm-enabledCapabilities".

idsldapsearch -b "" -s base objectclass=* ibm-enabledCapabilities

If the OID "1.3.6.1.4.1.4203.1.5.4" is returned, the feature is enabled.

If the language tag support is not enabled, any LDAP operation that associates a language tag with an attribute is rejected with the error message:

LDAP_NO_SUCH_ATTRIBUTE

 

Attributes that cannot have associated language tags

The following attributes cannot have language tags associated with them:

• objectclass

• member

• uniquemember

• memberURL

• ibm-memberGroup

• userpassword

• secretkey

• ref

• operational attributes

• configuration attributes

• binary attributes

Or, to generate a list of attributes that cannot have language tags associated with them, use the following command:

idsldapexop -op getattributes -attrType language_tag -matches true

 

Language tag values for attributes

If the attribute supports language tag values and you want to add language tag values for a particular attribute:

1. Click Language tag values.

2. In the Language tag field, enter the name of the tag you are creating. Remember the tag must begin with the prefix lang-.

3. Enter the value for the tag in the Value field.

4. Click Add.

5. Repeat adding values as necessary, if this attribute has the Multiple values feature enabled. If the Multiple values button is not enabled, we can enter one language tag value only. See Multiple values for attributes.

6. Click OK for your values to be accepted.
   Note:

   If you do not click OK, your attribute values are not saved.

The values are added to the Display with language tags menu.

We can expand the Display with language tags menu and select a language tag. Click Change view and the attribute values that you have entered for that language tag are displayed. Any values that you add or remove in this view apply to the selected language tag only.

If the attribute supports language tag values and you want to remove one or more values for a particular attribute, see Removing a language tag descriptor from an entry.

 

Searching for entries containing attributes with language tags

Issuing the command,

idsldapsearch -b "o=sample" "cn=Mark Anthony" sn

return the following results:

cn=Mark Anthony,o=sample
sn=Anthony
sn;lang-spanish=Antonio

Note:

All versions of "sn" are displayed in the output.

Issuing the command,

idsldapsearch -b "o=sample" "cn=Mark Anthony" sn;lang-spanish

returns the following results.

cn=Mark Anthony,o=sample
sn;lang-spanish=Antonio

Note:

Only "sn;lang-spanish" is displayed in the output.

Issuing the command,

idsldapsearch -b "o=sample" "sn;lang-spanish=Antonio"

returns the entire entry:

cn=Mark Anthony,o=sample
objectclass=person
objectclass=top
cn=Mark Anthony
sn=Anthony
sn;lang-spanish=Antonio 

 

Removing a language tag descriptor from an entry

Use either of the following methods to remove a language tag descriptor from an entry:

 

Using Web Administration:

From either the Manage entries -> Edit attributes path or the Add an entry -> Select structural object class -> Select auxiliary object class -> Enter the attributes path:

1. Select the attribute from which you want to remove the language tag.

2. Click the Language tag value button to access the Language tag values panel .

3. In the Language tag field, click the language tag you want to remove.

4. Click Remove. The language tag and its values is removed from the menu list.

5. Repeat steps 3 and 4 for each language tag you want to remove.

6. When you have finished, click OK.

 

Using the command line:

Issue the command:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains:

dn: cn=Mark Anthony, o=sample
changetype: modify
delete:sn;lang-spanish
sn;lang-spanish: Antonio

This removes the attribute sn;lang-spanish that has the value "Antonio" from the entry.

If you want to delete the entire entry see Deleting an entry.

 

Deleting an entry

Note:

When you are logged into the console, the Web Administration Tool does not permit you to delete the entry that you are logged on as. For example, if you logged on as user cn=John Doe,ou=mylocale,o=mycompany,c=mycountry, and you try to delete the entry, cn=John Doe from that tree, you receive an error message. You must log on as some other user to delete the John Doe entry.

 

Using Web Administration

If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. We can expand the various subtrees and select the subtree, the suffix, or the entry that you want to work on. Click Delete.

• You are requested to confirm the deletion. Click OK.

• The entry is deleted from the entry and you are returned to the list of entries.

 

Using the command line

Issue the command:

idsldapdelete -D <adminDN> -w <adminPW> "cn=John Doe, ou=Austin, o=IBM"

 

Modifying an entry

 

Using Web Administration

If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. We can expand the various subtrees and select the entry that you want to work on. Click Edit attributes or click the RDN name of an entry in the RDN column to open the Edit attributes panel.

1. View the object class inheritance for the entry in the Object class drop-down menu. Object classes are sorted by inheritance.

2. In the Relative DN field, we can change the relative distinguished name (RDN) of the entry that you are editing; for example, change cn=Bob Garcia to cn=Robert Garcia.

3. In the Parent DN field, the distinguished name of the tree entry you selected is displayed. If your server supports the modifyDN operation (starting with IBM Tivoli Directory Server version 6.0), we can modify the Parent DN with a new superior attribute on a leaf node. We can either edit this field or we can click Browse, select a Parent DN from the list, and click Select to change the Parent DN of the entry.

4. At the Required attributes tab enter the values for the required attributes.
   Notes:

   1. If the attribute is multi-valued and you want to add more than one value for a particular attribute, click Multiple values. See Multiple values for attributes.

   2. In case of multi-valued attributes, if an attribute has values more than the maximum number of values to return for each attribute limit, then the values of the attribute is displayed using a combo box, where the number of the values displayed will be equal to the value of the limit. Also, for this attribute the Multiple values button will not be displayed and a message indicating this attribute value truncation is displayed.

   3. If an attribute requires binary data, click Binary data. See Binary data for attributes

   4. If your server has language tags enabled, click Language tag value to add or remove language tag descriptors. See Language tags and Language tag values for attributes for more information.

   5. If an attribute contains referrals, click Manage referral. See Referrals and Creating default referrals for more information.

5. Click Optional attributes.

6. At the Optional attributes tab enter the values as appropriate for the other attributes.

7. Click OK to modify the entry.

Note:

In case an entry has more attributes than the maximum number of attributes to return for each entry limit, then the entry is returned with all the values of attributes until the maximum number of attributes to return for each entry limit is reached. The attributes for which no values are returned are displayed at the lower-end of the panel. These attributes are displayed along with a message indicating that the entry is not complete.

 

Using the command line

Renaming an entry

Issue the following command to rename an entry, changing RDN from cn=Bob Garcia to cn=Robert Garcia:

idsldapmodrdn -D <adminDN> -w <adminPW> 
		-r "cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM" "cn=Robert Garcia"

Moving an entry

Issue the following command to move an entry, for example, moving Bob to a new department:

idsldapmodrdn -D <adminDN> -w <adminPW> -s "ou=deptXYZ, ou=Austin, 
		o=IBM" "cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM" "cn=Bob Garcia"

You can also issue the following command to move an entry:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM
changetype: modrdn
newrdn: cn=Bob Garcia
deleteoldrdn: 0
newsuperior: ou=deptXYZ, ou=Austin, o=IBM

Modifying attributes of an entry

Issue the following command to modify the attributes of an entry, for example, replacing the roomNumber attribute value:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM
changetype: modify
replace: roomNumber
roomNumber: 4B-014

 

Copying an entry

This function is useful if you are creating similar entries. The copy inherits all the attributes of the original. You need to make some modifications to name the new entry.

 

Using Web Administration

If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. We can expand the various subtrees and select the entry, such as John Doe, that you want to work on. Expand the Select Action drop-down menu, select Copy, and click Go.

1. Change the RDN entry in the DN field. For example change cn=John Doe to cn=Jim Smith.

2. If your server supports the modifyDN operation (starting with IBM Tivoli Directory Server version 6.0), we can modify the Parent DN with a new superior attribute on a leaf node. We can either edit this field or we can click Browse, select a Parent DN from the list, and click Select to change the Parent DN of the entry.

3. On the required attributes tab, change the cn entry to the new RDN. In this example Jim Smith.

4. Change the other required attributes as appropriate. In this example change the sn attribute from Doe to Smith.

5. Click Next to display the Optional attributes tab.

6. Change the optional attributes as appropriate and click Next to display the Static memberships tab.

7. At the Static memberships tab, choose the group memberships that you want the copied entry to be a member of. This tab also allows the user to edit the memberships of the copied entry.
   Note:

   The Static memberships tab is only displayed when you copy an entry, where the entry being copied is a member of a static group. In case an entry is not a member of a static group, the Static memberships tab will not be displayed for the Copy entry operation.

8. When you have finished making the necessary changes click Finish to create the new entry.

9. The new entry Jim Smith is added to the bottom of the entry list.

Note:

This procedure copies only the attributes of the entry. The group memberships of the original entry are not copied to the new entry. See Managing memberships for an entry to add memberships to the entry.

 

Using the command line

Do the following to copy an entry using the command line:

1. Search to get the current entry back in LDIF form. Issue the following command:

   idsldapsearch -L -s base -b "cn=Bob Garcia, 
   		ou=deptABC, ou=Austin, o=IBM" (objectclass=*)

   which returns something like the following (save this information to a file):

   dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM 
   cn: Bob Garcia 
   cn: Robert Garcia 
   objectclass: inetOrgPerson 
   objectclass: organizationalPerson 
   objectclass: person 
   objectclass: top 
   sn: Garcia 
   roomNumber: 4B-014

2. Edit the entry to change the name and room number in the new entry:

   DN  dn: Matt Morris, ou=deptABC, ou=Austin, o=IBM 
   cn: Matt Morris 
   cn: Matthew Morris 
   objectclass: inetOrgPerson 
   objectclass: organizationalPerson 
   objectclass: person 
   objectclass: top 
   sn: Morris 
   roomNumber: 2B-001

3. Add the new entry. Issue the following command:

   idsldapadd -D <adminDN> -w <adminPW> -i <filename>

 

Editing access control lists for an entry

To edit the access control lists (ACLs) for an entry:

1. If you have not done so already, expand the Directory management category in the navigation area .

2. Click Manage entries.

3. Expand the various subtrees and select the entry, such as cn=Robert Garcia,ou=Austin,o=sample, that you want to work on.

4. Expand the Select Action drop-down menu.

5. Select Edit ACL.

6. Click Go.

To view ACL properties using the Web Administration Tool utility and to work with ACLs, see Working with ACLs.

See Access control lists for additional information.

 

Adding an auxiliary object class

 

Using Web Administration

If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. We can expand the various subtrees and select the entry, such as John Doe, that you want to work on. From the Select Action drop-down menu scroll down and select Add auxiliary class and click Go.

1. Select a filter object class from the drop-down menu and click Refresh.

2. Select any Auxiliary object classes you wish to use from the Available box and click Add. Repeat this process for each auxiliary object class you want to add. We can also delete an auxiliary object class from the Selected box by selecting it and clicking Remove.

3. Click Next.

4. At the Required attributes tab enter the values for the required attributes.
   Notes:

   1. If the attribute is multi-valued and you want to add more than one value for a particular attribute, click Multiple values. See Multiple values for attributes.

   2. If an attribute requires binary data, click Binary data. See Binary data for attributes

   3. If your server has language tags enabled, click Language tag value to add or remove language tag descriptors. See Language tags and Language tag values for attributes for more information.

   4. If an attribute contains referrals, click Manage referral. See Referrals and Creating default referrals for more information.

5. Click Optional attributes.

6. At the Optional attributes tab enter the values as appropriate for the other attributes.

7. Click Finish to modify the entry.

 

Using the command line

Issue the following command:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

Note:

The hyphen ( - ) on the 5th line is important.

dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM 
changetype: modify 
add: objectclass 
objectclass: uniquelyIdentifiedUser 
- 
add: serialNumber 
serialNumber: 738393  

Any attributes that are required by the auxiliary object class must be added to the entry as part of the same modify operation.

 

Deleting an auxiliary object class

Although we can delete an auxiliary class during the add auxiliary class procedure, it is easier to use the delete auxiliary object class function if you are going to delete a single auxiliary class from an entry. However, it might be more convenient to use the add auxiliary class procedure if you are going to delete multiple auxiliary classes from an entry.

 

Using Web Administration

1. If you have not done so already, expand the Directory management category in the navigation area, then click Manage entries. We can expand the various subtrees and select the entry, such as John Doe, that you want to work on. From the Select Action drop-down menu scroll down and select Delete auxiliary class and click Go.

2. From the list of auxiliary object classes select the auxiliary classes you want to delete and press OK.

3. You are asked to confirm the deletion, click OK.

4. The auxiliary object classes are deleted from the entry and you are returned to the list of entries.

 

Using the command line

Issue the following command:

idsldapmodify -D <adminDN> -w <adminPW> -i <filename>

where <filename> contains the following:

Note:

The hyphen ( - ) on the 5th line is important.

dn: cn=Bob Garcia, ou=deptABC, ou=Austin, o=IBM 
changetype: modify 
delete: objectclass 
objectclass: uniquelyIdentifiedUser 
- 
delete: serialNumber 
serialNumber: 738393 

Any attributes that were allowed in the entry only because of the auxiliary object class must be deleted from the entry as part of the same modify operation.

 

Searching the directory entries

There are three options for searching the directory tree:

• A Simple search using a predefined set of search criteria

• An Advanced search using a user-defined set of search criteria

• A Manual search

The search options are accessible by expanding the Directory management category in the navigation area, click Find entries. Select one of the following tabs:

Note:

Binary attributes such as userpassword are only searchable to find if they actually exist.

 

Search filters

Select on of the following types of searches:

 

Simple search

A simple search uses a default search criteria:

• Base DN is All suffixes

• Search scope is Subtree

• Search size is 500

• Time limit is 900

• Alias dereferencing is never

• Chase referrals is deselected (off)

To perform a simple search:

1. On the Search filter tab, click Simple.

2. Select an object classes from the drop-down list.

3. If your server has language tags enabled, we can specify a language tag. See Language tags for more information.

4. Select a specific attribute for the selected entry type. If you select to search on a specific attribute, select an attribute from the drop-down list and enter the attribute value in the Is equal to box. If you do not specify an attribute, the search returns all the directory entries of the selected entry type.

5. Click OK.

 

Advanced search

An advanced search enables you to specify search constraints and enable search filters. The default search criteria are the same as those for a simple search.

• To perform an advanced search:

  1. On the Search filter tab, click Advanced .

  2. Click Add.

  3. Select an Attribute from the drop-down list.

  4. If your server has language tags enabled, we can specify a language tag. See Language tags for more information.

  5. Select a Comparison operator

     • Is equal to - The attribute is equal to the value.

     • Is not equal to - The attribute is not equal to the value.

     • Is less than or equal to - The attribute is less than or equal to the value.

     • Is greater than or equal to - The attribute is greater than or equal to the value.

     • Is approximately equal to - The attribute is approximately equal to the value.

  6. Enter the Value for comparison.

  7. If you already added at least one search filter, specify the additional criteria and select an operator from the Operator drop-down menu. The AND command returns entries that match both sets of search filter criteria. The OR command returns entries that match either set of search filter criteria. The default operator is AND.

  8. Click OK to add the search filter criteria to the advanced search.

     The Search results table contains the following columns:

     • Select - Select the radio button next to the name of the filter you want to add, edit or delete.

     • Attribute - The attribute on which the filter is performed, for example, objectclass.

     • Comparison - The filter's comparison criteria, for example, Is equal to.

     • Value - The value used for comparison; for example, the wildcard value (*).

     • Operator - The search operator that was specified, for example, AND.

  9. Click the check box to select each filter that you want to use in the search.

  10. Change any of the default settings on the Options tab. See Options.

  11. Click OK to begin the search.

      The Search results table contains the following columns:

      • Select - Select the radio button next to the name of the entry you want to perform and action.

      • RDN - The RDN of the entry.

      • Object class - The object class to which the entry belongs.

      • Created - The date the entry was created.

      • Last modified - The date the entry was last modified.

      • Last modified by - The ID of the user who last modified the entry.

  12. After viewing the search results click, we can modify the entry attributes (see Working with directory entries) or click Close to return to the Find entries panel.

To modify a search filter:

1. Select the filter you want to modify.

2. Click edit.

3. Change any of the fields that were set when you added the search filter.

4. Click OK.

To remove the search filters:

• Click the check box to select each filter that you want to remove.

• Click Remove to remove the search filter criteria from the advanced search.
  Note:

  If you want to clear all search filters, click Remove all.

 

Manual search

Notes:

1. Avoid using wildcard searches where the wildcard is in any position other than the leading character in a term, or a trailing character. Use wildcard searches that are similar to the following (leading character):

   sn=*term

   or the following (trailing character):

   sn=term*

2. Do not use both wildcard searches simultaneously.

Use this method to create a search filter. The default search criteria are the same as those for a simple search. For example to search on surnames enter sn=* in the field. If you are searching on multiple attributes, use search filter syntax. For example to search for the surnames of a particular department you enter:

(&(sn=*)(dept=<departmentname>))

 

Options

At the Options tab:

• Search base DN - Choose one of the radio buttons to select a search base:

  • DN - Select the DN radio button if you want to specify the search base explicitly. Enter the search base in the DN field; for example, o=sample.

  • Suffix - Select a suffix from the Suffix drop-down menu to search only within that suffix. If you started this task from the "Manage entries" panel, this field is prefilled for you.

  • All suffixes - Select All suffixes to search the entire tree

• Search scope

  • Select Object to search only within the selected object.

  • Select Single level to search only within the immediate children of the selected object.

  • Select Subtree to search the selected object all descendants of the selected object.

• Search size limit - Enter the maximum number of entries to search or select Unlimited.

• Search time limit - Enter the maximum number of seconds for the search or select Unlimited.

• If the server supports alias dereferencing, select a type of Alias dereferencing from the drop-down list.

  • Never - If the selected entry is an alias, it is not dereferenced for the search, that is, the search ignores the reference to the alias. Also, entries found in the search are not dereferenced.

  • Find - If the selected entry is an alias, the search dereferences the alias and search from the location of the alias.

  • Search - The selected entry is not dereferenced, but any entries found in the search are dereferenced.

  • Always - All aliases encountered in the search are dereferenced.

• Select the Chase referrals check box to follow referrals to another server if a referral is returned in the search. When a referral directs the search to another server, the connection to the server uses the current credentials. If you are logged in as Anonymous you might need to log in to the server using an authenticated DN.

  If an entry is found on the referred server, the Search results panel shows only the DN of the entry. Other columns such as object class, modified timestamp and so forth are not shown. You are not able to perform such operations as Edit Acls, Delete, Add auxiliary or Delete auxiliary on the referral entry.

  See Referrals and Access control listsfor more information.

See Setting Searches for additional information about searches.

[ Top of Page | Previous Page | Next Page | Contents | Index ]