Sun Java Communications Suite 5 Schema Reference

Definition

LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.

Used during authentication to map a login name in that domain to an LDAP entry.

The following variables can be used in constructing the filter:

If this attribute is missing, it is equivalent to:

(&(objectclass=inetOrgPerson)(uid=%U))

Namespaces where users are provisioned with compound uids, such as uid=john_siroe.com, where john is the userID and siroe.com is the domain, would use a search filter of uid=%U_%V. This maps a login string of john@siroe.com (where @ is the login separator for the service) into a search by the service, within the namespace of siroe.com, for the entry where uid=john_siroe.com.

An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be:

(&(objectclass=inetOrgPerson)(empID=%U))

This attribute must return a unique match for valid users within the inetDomainBaseDN subtree.
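
The following added example (not code from the product or from this reference) shows how a service could expand such a filter template from a login string and enforce the unique-match rule. It handles only the %U and %V variables used in the examples above. Escaping the substituted values per RFC 4515, rejecting logins without a domain part, and the function names are assumptions of this sketch.

```python
import re

# Default the page gives when the attribute is missing.
DEFAULT_FILTER = "(&(objectclass=inetOrgPerson)(uid=%U))"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a string so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_login(login, separator="@"):
    """Split 'john@siroe.com' into ('john', 'siroe.com') at the last separator.
    Assumption: logins without a domain part are rejected here."""
    user, sep, domain = login.rpartition(separator)
    if not sep or not user or not domain:
        raise ValueError("login must look like user%sdomain" % separator)
    return user, domain


def expand_filter(template, login, separator="@"):
    """Substitute %U and %V in one pass, escaping both values.
    One pass means a login containing '%V' is not expanded a second time."""
    user, domain = split_login(login, separator)
    values = {"U": escape_filter_value(user), "V": escape_filter_value(domain)}
    return re.sub(r"%([UV])", lambda m: values[m.group(1)], template)


def require_unique(matches):
    """Enforce the page's rule: exactly one entry may match a valid login."""
    if len(matches) != 1:
        raise LookupError("expected 1 matching entry, got %d" % len(matches))
    return matches[0]


if __name__ == "__main__":
    # Constructed sample logins; only john@siroe.com appears on the page.
    for login in ("john@siroe.com", "j*@siroe.com"):
        print(expand_filter(DEFAULT_FILTER, login))
    print(expand_filter("(uid=%U_%V)", "john@siroe.com"))
```

Without the escaping step, a login name containing a wildcard or parenthesis would change the structure of the filter, and the search could match entries other than the one the user is entitled to authenticate as.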