C.1. How to Edit LDAP Filters and Attributes

Oracle VDI uses various LDAP filters and attribute lists to look up and interpret the data stored in the user directory.

Oracle VDI comes with some default LDAP filters that are suitable for Active Directory or Oracle Directory Server Enterprise Edition. But these filters might be incompatible with other types of directories and might need to be modified.

For production, it is always recommended to customize these filters so that they match the LDAP schema of the directory as closely as possible.

This section explains how to edit those filters, and the values recommended per type of directory.

See Section 4.14, “About LDAP Filters and Attributes” for details about how Oracle VDI makes use of the different filters and attributes.

Before You Begin

Before editing LDAP filters and attributes, review Section C.2, “LDAP Filters and Attributes for Users, Groups, and Containers” and Section C.3, “LDAP Filters and Attributes for Global Oracle VDI Centers”.

Oracle VDI does not verify the syntax of the LDAP filters or the validity of the LDAP attributes when you edit those values, so make sure you validate the LDAP filters and attributes before you set them.

LDAP filters and attributes can be validated using an external LDAP tool such as ldapsearch.
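
As a complement to ldapsearch, the following added example (not part of Oracle VDI or its documentation) checks a filter's syntax offline before the value is set. It covers a simplified subset of the RFC 4515 grammar; the names check_filter and escape_value and the sample values are introduced here, and because this page does not state how Oracle VDI substitutes $SEARCH_STRING, the escaped expansion is an assumption made for testing.

```python
import re

# Simplified RFC 4515 item: attribute, operator, value (specials appear as \XX).
# Extensible-match filters (":=") are outside this sketch.
ITEM = re.compile(
    r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)([^()\\\x00]|\\[0-9A-Fa-f]{2})*\Z")
SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a literal value per RFC 4515 so it cannot change the filter structure."""
    return "".join(SPECIAL.get(ch, ch) for ch in value)

def _parse(f, i):
    """Parse one parenthesised filter starting at f[i]; return the index after it."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, operands = f[i], i + 1, 0
        while f[i:i + 1] == "(":
            i, operands = _parse(f, i), operands + 1
        if operands == 0 or (op == "!" and operands != 1):
            raise ValueError(f"'{op}' has {operands} operand(s)")
    else:
        end = i
        while end < len(f) and f[end] not in "()":
            end += 1
        if not ITEM.match(f[i:end]):
            raise ValueError(f"malformed item {f[i:end]!r} at offset {i}")
        i = end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(template, sample="jdoe"):
    """Expand $SEARCH_STRING with an escaped sample, validate, return the result."""
    expanded = template.replace("$SEARCH_STRING", escape_value(sample))
    if _parse(expanded, 0) != len(expanded):
        raise ValueError("trailing characters after the filter")
    return expanded

if __name__ == "__main__":
    # Filter values copied from the directory-getprops output on this page.
    obj = ("(&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)"
           "(objectclass=organizationalPerson))(!(objectclass=computer)))")
    search = "(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))"
    print(check_filter(obj))
    print(check_filter(search, "Doe (contractor)"))
```

A filter that passes this check is only syntactically well formed; running it with ldapsearch against the directory is still needed to confirm that the attributes exist in the schema.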

Oracle VDI Manager Steps

  1. Log in to Oracle VDI Manager.

  2. Select a company in the Settings category.

  3. Select the Active Directory or LDAP tab.

  4. Click Edit LDAP Configuration.

  5. Edit the settings and click the Save button.

CLI Steps

  1. List the LDAP filter used to identify objects of type 'user' and the LDAP filter used to search for users according to search criteria.

    /opt/SUNWvda/sbin/vda directory-getprops

    For example:

    example% /opt/SUNWvda/sbin/vda directory-getprops \
    -p ldap.user.object.filter,ldap.user.search.filter
    ldap.user.object.filter:
    (&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)
    (objectclass=organizationalPerson))(!(objectclass=computer)))
    ldap.user.search.filter:
    (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))

  2. Customize the LDAP filter used to search for users according to search criteria, for Active Directory:

    /opt/SUNWvda/sbin/vda directory-setprops

    For example:

    example% /opt/SUNWvda/sbin/vda directory-setprops \
    -p ldap.user.search.filter=\
    '"(|(cn=\$SEARCH_STRING)(uid=\$SEARCH_STRING)(mail=\$SEARCH_STRING))"'
    Settings updated.
    example% /opt/SUNWvda/sbin/vda directory-getprops \
    -p ldap.user.search.filter
    ldap.user.search.filter:
    (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))