C.2. LDAP Filters and Attributes for Users, Groups, and Containers

C.2.1. Default LDAP Filters and Attributes for Users, Groups and Containers
C.2.2. Active Directory Settings for Users, Groups, and Containers
C.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and Containers
C.2.4. OpenDS Settings for Users, Groups, and Containers
C.2.5. OpenLDAP Settings for Users, Groups, and Containers
C.2.6. Novell eDirectory Settings for Users, Groups, and Containers

Oracle VDI Manager Name (CLI Property Name): Description

User Filter (ldap.user.object.filter): LDAP filter used to identify objects of type user.

User Search Filter (ldap.user.search.filter): LDAP filter used to search for users according to search criteria. Searches for users can be done using the user-search command or in the web administration console. $SEARCH_STRING is the placeholder for the search criteria.

User ID Attributes (ldap.userid.attributes): Comma-separated list of LDAP attributes storing the userid value for user objects. This is used to find a user given its userid.

User Member Attributes (ldap.user.member.attributes): Comma-separated list of LDAP attributes on a user object storing the groups the user is a member of.

Group Filter (ldap.group.object.filter): LDAP filter used to identify objects of type group.

Group Search Filter (ldap.group.search.filter): LDAP filter used to search for groups according to search criteria. Searches for groups can be done using the user-search command or in the web administration console. $SEARCH_STRING is the placeholder for the search criteria.

Group Member Attributes (ldap.group.member.attributes): Comma-separated list of LDAP attributes on a group object storing the users that are members of the group.

Group Short Attributes (ldap.group.short.attributes): Comma-separated list of LDAP attributes on a group object storing the information for primary group membership. Primary group membership is specific to Active Directory.

Container Object Filter (ldap.container.object.filter): LDAP filter used to identify objects of type container. Containers can be selected as the root for custom group filters in the web administration console.

Container Search Filter (ldap.container.search.filter): LDAP filter used by the web administration console to search for containers according to search criteria, when selecting a root for a custom group filter. $SEARCH_STRING is the placeholder for the search criteria.

Default Attributes (ldap.default.attributes): Comma-separated list of LDAP attributes loaded in the cache when looking up an object. It should contain all the attributes used in the other filters and attribute lists.

C.2.1. Default LDAP Filters and Attributes for Users, Groups and Containers

The following table contains the default LDAP filters and attributes for users, groups, and containers.

Oracle VDI Manager Name: Default Value

User Filter: (&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))(!(objectclass=computer)))

User Search Filter: (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(userPrincipalName=$SEARCH_STRING)(mail=$SEARCH_STRING))

User ID Attributes: uid,sAMAccountName,userPrincipalName,mail

User Member Attributes: memberof,primaryGroupID

Group Filter: (|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))

Group Search Filter: (|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING)(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))

Group Member Attributes: member,uniquemember

Group Short Attributes: primaryGroupToken

Container Object Filter: (|(objectclass=domain)(objectclass=organization)(objectclass=organizationalUnit)(objectclass=container))

Container Search Filter: (|(cn=$SEARCH_STRING)(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes: dc,o,ou,cn,uid,mail,member,uniquemember,memberof,sAMAccountName,primaryGroupToken,primaryGroupID

C.2.2. Active Directory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Active Directory for users, groups, and containers.

If you use either the userPrincipalName attribute or the mail attribute for user identification, use this attribute instead of sAMAccountName in the following settings.

Oracle VDI Manager Name: Recommended Setting

User Filter: (&(objectclass=user)(!(objectclass=computer)))

User Search Filter: (|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))

User ID Attributes: sAMAccountName

User Member Attributes: memberof,primaryGroupID

Group Filter: (objectclass=group)

Group Search Filter: (cn=$SEARCH_STRING)

Group Member Attributes: member

Group Short Attributes: primaryGroupToken

Container Object Filter: (objectclass=container)

Container Search Filter: (cn=$SEARCH_STRING)

Default Attributes: cn,member,memberof,sAMAccountName,primaryGroupToken,primaryGroupID
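
The Default Attributes description says the list should contain every attribute used in the other filters and attribute lists, which is easy to break when swapping sAMAccountName for userPrincipalName or mail. The following Python check is an added example, not part of the Oracle documentation or product: it takes the settings as a dictionary keyed by CLI property name and reports attributes missing from ldap.default.attributes. The function names, the objectclass exclusion, and the UPN variant are assumptions made for illustration.

```python
import re

# Attribute name that opens each filter item, e.g. "(cn=" or "(uid~=".
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9.;-]*)(?:[~<>]?=|:)")
DEFAULT_KEY = "ldap.default.attributes"

def split_list(value):
    """Comma-separated list -> set of lower-cased names (LDAP names are case-insensitive)."""
    return {a.strip().lower() for a in value.split(",") if a.strip()}

def used_attributes(settings):
    """Map each attribute to the filter and attribute-list properties that use it."""
    used = {}
    for key, value in settings.items():
        if key == DEFAULT_KEY:
            continue
        names = ({m.split(";")[0].lower() for m in _ITEM.findall(value)}
                 if key.endswith(".filter") else split_list(value))
        for name in names:
            used.setdefault(name, []).append(key)
    return used

def missing_from_default(settings, ignore=("objectclass",)):
    """Return {attribute: [properties]} for attributes absent from ldap.default.attributes."""
    # Assumption: objectclass is skipped, since no table on this page lists it.
    cached = split_list(settings.get(DEFAULT_KEY, ""))
    return {name: sorted(keys) for name, keys in sorted(used_attributes(settings).items())
            if name not in cached and name not in ignore}

# Recommended Active Directory settings, copied from section C.2.2.
AD_RECOMMENDED = {
    "ldap.user.object.filter": "(&(objectclass=user)(!(objectclass=computer)))",
    "ldap.user.search.filter": "(|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))",
    "ldap.userid.attributes": "sAMAccountName",
    "ldap.user.member.attributes": "memberof,primaryGroupID",
    "ldap.group.object.filter": "(objectclass=group)",
    "ldap.group.search.filter": "(cn=$SEARCH_STRING)",
    "ldap.group.member.attributes": "member",
    "ldap.group.short.attributes": "primaryGroupToken",
    "ldap.container.object.filter": "(objectclass=container)",
    "ldap.container.search.filter": "(cn=$SEARCH_STRING)",
    DEFAULT_KEY: "cn,member,memberof,sAMAccountName,primaryGroupToken,primaryGroupID",
}

# Constructed variant: userPrincipalName identifies users, Default Attributes left unchanged.
UPN_VARIANT = {**AD_RECOMMENDED, "ldap.userid.attributes": "userPrincipalName",
               "ldap.user.search.filter": "(|(cn=$SEARCH_STRING)(userPrincipalName=$SEARCH_STRING))"}

print(missing_from_default(UPN_VARIANT))
```
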

C.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and Containers

The following table contains the recommended settings for Oracle Directory Server Enterprise Edition for users, groups, and containers.

Oracle VDI Manager Name: Recommended Setting

User Filter: (objectclass=person)

User Search Filter: (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes: uid

User Member Attributes: memberof

Group Filter: (objectclass=groupofuniquenames)

Group Search Filter: (cn=$SEARCH_STRING)

Group Member Attributes: uniquemember

Group Short Attributes: empty

Container Object Filter: (|(objectclass=domain)(objectclass=organizationalUnit))

Container Search Filter: (|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes: dc,ou,cn,uid,uniquemember,memberof

C.2.4. OpenDS Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenDS for users, groups, and containers.

Oracle VDI Manager Name: Recommended Setting

User Filter: (objectclass=person)

User Search Filter: (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes: uid

User Member Attributes: memberof

Group Filter: (objectclass=groupofuniquenames)

Group Search Filter: (cn=$SEARCH_STRING)

Group Member Attributes: uniquemember

Group Short Attributes: empty

Container Object Filter: (|(objectclass=domain)(objectclass=organizationalUnit))

Container Search Filter: (|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes: dc,ou,cn,uid,uniquemember,memberof

C.2.5. OpenLDAP Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenLDAP for users, groups, and containers.

Oracle VDI Manager Name: Recommended Setting

User Filter: You must remove (!(objectclass=computer)) from the default filter. Recommended is (objectclass=person).

User Search Filter: (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes: uid

User Member Attributes: memberof

Group Filter: (objectclass=groupofnames)

Group Search Filter: (cn=$SEARCH_STRING)

Group Member Attributes: member

Group Short Attributes: empty

Container Object Filter:

Container Search Filter:

Default Attributes: cn,uid,member,memberof

C.2.6. Novell eDirectory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Novell eDirectory for users, groups, and containers.

Oracle VDI Manager Name: Recommended Setting

User Filter: You must remove (!(objectclass=computer)) from the default filter. Recommended is (objectclass=person).

User Search Filter: (|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(givenName=$SEARCH_STRING))

User ID Attributes: givenName,cn,uid

User Member Attributes: groupMembership

Group Filter: (|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))

Group Search Filter:

Group Member Attributes: member,uniquemember

Group Short Attributes: empty

Container Object Filter: (objectclass=organizationalUnit)

Container Search Filter:

Default Attributes: cn,uid,givenName,groupmembership,member,uniquemember