Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
72:ldap_optional_attributes [2018/07/16 13:50] – [Optional Attributes] bkkr72:ldap_optional_attributes [2020/01/17 10:35] – [Optional Attributes] evt
Line 41: Line 41:
 The syntax used to build up the filter expression is specified in RFC 2254. Some examples are provided below: The syntax used to build up the filter expression is specified in RFC 2254. Some examples are provided below:
  
-^Filter Expression^Meaning| | +^Filter Expression^Meaning| | 
-|(objectClass=*)|All objects| | +|(objectClass=*)|All objects| | 
-|(sn=sm*)|All entries with a surname that starts with "sm"| | +|(sn=sm*)|All entries with a surname that starts with "sm"| | 
-|(&(sn=smith)(objectClass=user)(email=*))|All entries that are users having the surname "smith" and an email address.| | +|(&(sn=smith)(objectClass=user)(email=*))|All entries that are users having the surname "smith" and an email address.| | 
-|(&(objectClass=user)(!age<18)<font inherit/Arial,Helvetica,sans-serif;;inherit;;inherit>(|(sn=smith)(sn=wright))</font>)|All entries that are users having surname set to "smith" or "wright" and are older than 18| |+|(&(objectClass=user)(!age<18)<font inherit/Arial,Helvetica,sans-serif;;inherit;;inherit>(</font>|(sn=smith)(sn=wright)))|All entries that are users having surname set to "smith" or "wright" and are older than 18| |
  
-**NOTE**: In the <font inherit/Courier New,Courier,monospace;;inherit;;inherit>PKitConfig.xml</font> file the character “&“ has to be escaped via “&“. Otherwise errors parsing the configuration file could occur.+**NOTE**: In the <font inherit/Courier New,Courier,monospace;;inherit;;inherit>Config.xml</font> file the character “&“ has to be escaped via “&“. Otherwise errors parsing the configuration file could occur.
  
 There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font>attribute of the user entry. There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font>attribute of the user entry.
Line 74: Line 74:
 The ondemandFilter must contain the placeholder character “%” that will be replaced by the username when queries on the LDAP repository are made. The ondemandFilter must contain the placeholder character “%” that will be replaced by the username when queries on the LDAP repository are made.
  
-Example: ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ondemandFilter=“(sAMAccountName=%,cn=Users,dc=methodpark,dc=com)”</font>'' +Example: ''ondemandFilter=“(sAMAccountName=%,cn=Users,dc=methodpark,dc=com)”''
 === The matchUsersMode Attribute === === The matchUsersMode Attribute ===