LDAPSearchFilter
This type is a class for model objects.
Configuration for searching the user registry to find user information for authentication purposes.
Package: security
Classifier ID: -1
Instance class name: * Unspecified *
Instance class: * Unspecified *
Reference attributes having this type:
LDAPUserRegistry.searchFilter
Attributes Summary userFilter : EString An LDAP filter clause for searching the registry for users. It is typically used for Security Role to User assignment. It specifies the property by which to look up users in the directory service. For example, to look up users based on their user IDs, specify (ampersand(uid=%v)(objectclass=inetOrgPerson) where ampersand is the ampersand symbol. For more information about this syntax, see the LDAP directory service documentation. krbUserFilter : EString Specify a LDAP attribute name for the Kerberos principal name, usually it's krbPrincipal. This is needed only for Kerberos authentication mechanism. groupFilter : EString An LDAP filter clause for searching the registry for groups. It is typically used for Security Role to Group assignment. It specifies the property by which to look up groups in the directory service. For more information about this syntax, see the LDAP directory service documentation. userIdMap : EString An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the piece of information that should represent users when users are displayed. For example, to display entries of the type object class = inetOrgPerson by their IDs, specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). groupIdMap : EString An LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that should represent groups when groups are displayed. For example, to display groups by their names, specify *:cn. The * is a wildcard character that searches on any object class in this case. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). groupMemberIdMap : EString An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). For more information about this syntax, see the LDAP directory service documentation. certificateMapMode : CertificateMapMode Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping. certificateFilter : EString If we specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.
Attribute Details
userFilter - An LDAP filter clause for searching the registry for users. It is typically used for Security Role to User assignment. It specifies the property by which to look up users in the directory service. For example, to look up users based on their user IDs, specify (ampersand(uid=%v)(objectclass=inetOrgPerson) where ampersand is the ampersand symbol. For more information about this syntax, see the LDAP directory service documentation.
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
krbUserFilter - Specify a LDAP attribute name for the Kerberos principal name, usually it's krbPrincipal. This is needed only for Kerberos authentication mechanism.
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
groupFilter - An LDAP filter clause for searching the registry for groups. It is typically used for Security Role to Group assignment. It specifies the property by which to look up groups in the directory service. For more information about this syntax, see the LDAP directory service documentation.
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
userIdMap - An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the piece of information that should represent users when users are displayed. For example, to display entries of the type object class = inetOrgPerson by their IDs, specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
groupIdMap - An LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that should represent groups when groups are displayed. For example, to display groups by their names, specify *:cn. The * is a wildcard character that searches on any object class in this case. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
groupMemberIdMap - An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). For more information about this syntax, see the LDAP directory service documentation.
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
certificateMapMode - Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping.
Data Type: CertificateMapMode
Default value: unspecified
Allowed values:
0 - EXACT_DN
1 - CERTIFICATE_FILTER
Required: false
Changeable: true
Unsettable: true
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
certificateFilter - If we specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.
Data Type: EString
Default value: unspecified
Required: false
Changeable: true
Unsettable: false
Many: false
Ordered: true
Lower bound: 0
Upper bound: 1
Unique: true
Derived: false
Transient: false
Volatile: false
(C) COPYRIGHT International Business Machines Corp. 1996-2006