LDAPSearchFilter


This type is a class for model objects.

Configuration for searching the user registry to find user information for authentication purposes.

Package: security

Classifier ID:  -1
Instance class name:  * Unspecified *
Instance class:  * Unspecified *

Reference attributes having this type:
  LDAPUserRegistry.searchFilter



Attributes Summary
userFilter : EString An LDAP filter clause for searching the registry for users. It is typically used for Security Role to User assignment. It specifies the property by which to look up users in the directory service. For example, to look up users based on their user IDs, specify (ampersand(uid=%v)(objectclass=inetOrgPerson) where ampersand is the ampersand symbol. For more information about this syntax, see the LDAP directory service documentation.
krbUserFilter : EString Specify a LDAP attribute name for the Kerberos principal name, usually it's krbPrincipal. This is needed only for Kerberos authentication mechanism.
groupFilter : EString An LDAP filter clause for searching the registry for groups. It is typically used for Security Role to Group assignment. It specifies the property by which to look up groups in the directory service. For more information about this syntax, see the LDAP directory service documentation.
userIdMap : EString An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the piece of information that should represent users when users are displayed. For example, to display entries of the type object class = inetOrgPerson by their IDs, specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
groupIdMap : EString An LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that should represent groups when groups are displayed. For example, to display groups by their names, specify *:cn. The * is a wildcard character that searches on any object class in this case. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
groupMemberIdMap : EString An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). For more information about this syntax, see the LDAP directory service documentation.
certificateMapMode : CertificateMapMode Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping.
certificateFilter : EString If we specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.



Attribute Details

userFilter  -  An LDAP filter clause for searching the registry for users. It is typically used for Security Role to User assignment. It specifies the property by which to look up users in the directory service. For example, to look up users based on their user IDs, specify (ampersand(uid=%v)(objectclass=inetOrgPerson) where ampersand is the ampersand symbol. For more information about this syntax, see the LDAP directory service documentation.
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

krbUserFilter  -  Specify a LDAP attribute name for the Kerberos principal name, usually it's krbPrincipal. This is needed only for Kerberos authentication mechanism.
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

groupFilter  -  An LDAP filter clause for searching the registry for groups. It is typically used for Security Role to Group assignment. It specifies the property by which to look up groups in the directory service. For more information about this syntax, see the LDAP directory service documentation.
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

userIdMap  -  An LDAP filter that maps the short name of a user to an LDAP entry. Specifies the piece of information that should represent users when users are displayed. For example, to display entries of the type object class = inetOrgPerson by their IDs, specify inetOrgPerson:uid. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

groupIdMap  -  An LDAP filter that maps the short name of a group to an LDAP entry. Specifies the piece of information that should represent groups when groups are displayed. For example, to display groups by their names, specify *:cn. The * is a wildcard character that searches on any object class in this case. This field takes multiple objectclass:property pairs delimited by a semicolon (";").
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

groupMemberIdMap  -  An LDAP filter that identifies User to Groups memberships. Specifies which property of an objectclass stores the list of members belonging to the group represented by the objectclass. This field takes multiple objectclass:property pairs delimited by a semicolon (";"). For more information about this syntax, see the LDAP directory service documentation.
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

certificateMapMode  -  Whether to map X.509 Certificates into an LDAP directory by EXACT_DN or CERTIFICATE_FILTER. Specify CERTIFICATE_FILTER to use the specified Certificate Filter for the mapping.
    Data Type: CertificateMapMode
    Default value:  unspecified
    Allowed values:
        0 - EXACT_DN
        1 - CERTIFICATE_FILTER
    Required:  false
    Changeable:  true
    Unsettable:  true
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false

certificateFilter  -  If we specified the Filter Certificate mapping, this property specifies the certificate property against which to check certificate validity.
    Data Type: EString
    Default value:  unspecified
    Required:  false
    Changeable:  true
    Unsettable:  false
    Many:  false
    Ordered:  true
    Lower bound:  0
    Upper bound:  1
    Unique:  true
    Derived:  false
    Transient:  false
    Volatile:  false



(C) COPYRIGHT International Business Machines Corp. 1996-2006