Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
72:ldap_optional_attributes [2023/12/05 09:16] – [Optional Attributes] mmk72:ldap_optional_attributes [2023/12/05 09:17] – [Optional Attributes] mmk
Line 35: Line 35:
 The referrals attribute can be used to configure the handling of LDAP referrals. Possible behavior and values are “follow“ or “ignore“. By default, Stages will follow referrals. The referrals attribute can be used to configure the handling of LDAP referrals. Possible behavior and values are “follow“ or “ignore“. By default, Stages will follow referrals.
  
-=== The ignorePartialResultExeption ===+=== The ignorePartialResultExeption Attribute ===
  
 When enabled, this attribute causes the PartialResultException to be ignored if the referrals attribute is set to "ignore".\\ When enabled, this attribute causes the PartialResultException to be ignored if the referrals attribute is set to "ignore".\\
Line 50: Line 50:
 |(sn=sm*)|All entries with a surname that starts with "sm"| | | |(sn=sm*)|All entries with a surname that starts with "sm"| | |
 |(&(sn=smith)(objectClass=user)(email=*))|All entries that are users having the surname "smith" and an email address.| | | |(&(sn=smith)(objectClass=user)(email=*))|All entries that are users having the surname "smith" and an email address.| | |
-|(&(objectClass=user)(!age<18) <font inherit/Arial,Helvetica,sans-serif;;inherit;;inherit>(</font> |(sn=smith)(sn=wright)))|All entries that are users having surname set to "smith" or "wright" and are older than 18| |+|(&(objectClass=user)(!age<18) 
 + <font inherit/Arial,Helvetica,sans-serif;;inherit;;inherit>(</font> |(sn=smith)(sn=wright)))|All entries that are users having surname set to "smith" or "wright" and are older than 18| |
  
 **NOTE**: In the **NOTE**: In the
Line 56: Line 57:
  
 There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a There is a special memberOf keyword available on many LDAP directory servers. In the case of Microsoft Active Directory, groups are represented via entries of object class “group“ by default. The distinguished names of the group members are set in the member attributes of the group entry. On the other hand, the distinguished name of every group a user is part of is automatically set in a
- <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font> attribute of the user entry.+ <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font>  attribute of the user entry.
  
 The following search filter example shows how to filter users according to a certain group membership using the memberOf attribute: The following search filter example shows how to filter users according to a certain group membership using the memberOf attribute:
  
-'' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="(memberOf=CN=SampleGroup,DC=pkit,DC=methodpark,DC=de)“</font> ''+'' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="(memberOf=CN=SampleGroup,DC=pkit,DC=methodpark,DC=de)“</font>  ''
  
 If the memberOf attribute is not available on your LDAP directory server, it is possible to retrieve the members of a certain group by querying the member attribute of a group entry. If the memberOf attribute is not available on your LDAP directory server, it is possible to retrieve the members of a certain group by querying the member attribute of a group entry.
  
 The following search filter example shows how to query the users of a group without using the The following search filter example shows how to query the users of a group without using the
- <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font> attribute:+ <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font>  attribute:
  
-'' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="distinguishedName=CN=SomeGroup,DC=er,DC=methodpark,DC=de"</font> ''+'' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="distinguishedName=CN=SomeGroup,DC=er,DC=methodpark,DC=de"</font>  ''
  
 The filter specifies that the distinguished name of the (group) entry has to be The filter specifies that the distinguished name of the (group) entry has to be
- <font inherit/Courier New,Courier,monospace;;inherit;;inherit>“CN=SomeGroup,DC=er,DC=methodpark,DC=de“</font> . In order to state the attribute name, which contains the distinguished name of the group members, the attribute+ <font inherit/Courier New,Courier,monospace;;inherit;;inherit>“CN=SomeGroup,DC=er,DC=methodpark,DC=de“</font>  . In order to state the attribute name, which contains the distinguished name of the group members, the attribute
  <font inherit/Courier New,Courier,monospace;;inherit;;inherit>groupMemberAttribute</font>  has to be set, e.g. to  <font inherit/Courier New,Courier,monospace;;inherit;;inherit>groupMemberAttribute</font>  has to be set, e.g. to
  <font inherit/Courier New,Courier,monospace;;inherit;;inherit>“member“</font>  in the case of Active Directory.  <font inherit/Courier New,Courier,monospace;;inherit;;inherit>“member“</font>  in the case of Active Directory.
  
 A complete example for retrieving group members without using the A complete example for retrieving group members without using the
- <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font> attribute is listed below.+ <font inherit/Courier New,Courier,monospace;;inherit;;inherit>memberOf</font>  attribute is listed below.
  
 '' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="distinguishedName=CN=SomeGroup,DC=er,DC=methodpark,DC=de"\\ '' <font inherit/Courier New,Courier,monospace;;inherit;;inherit>searchFilter="distinguishedName=CN=SomeGroup,DC=er,DC=methodpark,DC=de"\\
-groupMemberAttribute="member“</font> ''+groupMemberAttribute="member“</font>  ''
  
 === The ondemandFilter Attribute === === The ondemandFilter Attribute ===