Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
72:ldap_optional_attributes [2018/07/16 13:49] – [Optional Attributes] bkkr | 72:ldap_optional_attributes [2020/01/17 10:34] – [Optional Attributes] evt | ||
---|---|---|---|
Line 41: | Line 41: | ||
The syntax used to build up the filter expression is specified in RFC 2254. Some examples are provided below: | The syntax used to build up the filter expression is specified in RFC 2254. Some examples are provided below: | ||
- | ^Filter Expression^Meaning| | | + | ^Filter Expression^Meaning| | | |
- | |(objectClass=*)|All objects| | | + | |(objectClass=*)|All objects| | | |
- | |(sn=sm*)|All entries with a surname that starts with " | + | |(sn=sm*)|All entries with a surname that starts with " |
- | |(& | + | |(& |
- | |(& | + | |(& |
- | **NOTE**: In the <font inherit/ | + | **NOTE**: In the <font inherit/ |
There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a <font inherit/ | There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a <font inherit/ | ||
Line 74: | Line 74: | ||
The ondemandFilter must contain the placeholder character “%” that will be replaced by the username when queries on the LDAP repository are made. | The ondemandFilter must contain the placeholder character “%” that will be replaced by the username when queries on the LDAP repository are made. | ||
- | Example: '' | + | Example: '' |
=== The matchUsersMode Attribute === | === The matchUsersMode Attribute === | ||
Line 82: | Line 81: | ||
Possible values for the matchUserMode attribute are: | Possible values for the matchUserMode attribute are: | ||
- | * username | + | * |
- | * fullname | + | |
- | + | username | |
+ | |||
+ | * | ||
+ | |||
+ | fullname | ||
+ | |||
+ | * | ||
+ | |||
+ | |||
If no explicit value is set for that attribute then the username will be used for that purpose. | If no explicit value is set for that attribute then the username will be used for that purpose. | ||
Line 100: | Line 107: | ||
The defaultLicenseType attribute specifies which license type shall be granted to a newly created LDAP user. Possible values for that attribute are: | The defaultLicenseType attribute specifies which license type shall be granted to a newly created LDAP user. Possible values for that attribute are: | ||
- | * QM | + | * |
- | * PM | + | |
- | * Dev | + | QM |
- | * none | + | |
+ | * | ||
+ | |||
+ | PM | ||
+ | |||
+ | * | ||
+ | |||
+ | Dev | ||
+ | |||
+ | * | ||
+ | |||
+ | none | ||
The specified license type is only assigned if the corresponding license limit for that type is not reached. If the defaultLicenseType attribute is not specified then the value of the configuration property license.types.initialType is used for that purpose. | The specified license type is only assigned if the corresponding license limit for that type is not reached. If the defaultLicenseType attribute is not specified then the value of the configuration property license.types.initialType is used for that purpose. |