C.2. LDAP Filters and Attributes for Users, Groups, and Containers

C.2.1. Default LDAP Filters and Attributes for Users, Groups and Containers
C.2.2. Active Directory Settings for Users, Groups, and Containers
C.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and Containers
C.2.4. OpenDS Settings for Users, Groups, and Containers
C.2.5. OpenLDAP Settings for Users, Groups, and Containers
C.2.6. Novell eDirectory Settings for Users, Groups, and Containers

Oracle VDI Manager Name

CLI Property Name

Description

User Filter

ldap.user.object.filter

LDAP filter used to identify objects of type user.

User Search Filter

ldap.user.search.filter

LDAP filter used to search for users according a search criteria. Searches for users can be done using the user-search command or in Oracle VDI Manager. $SEARCH_STRING is the place holder for the search criteria.

User ID Attributes

ldap.userid.attributes

List of comma-separated LDAP attributes storing the userid value for user objects. This is used to find a user given its userid.

User Member Attributes

ldap.user.member.attributes

List of comma-separated LDAP attributes on a user object storing the groups the user is a member of.

User Short Attributes

ldap.user.short.attributes

List of comma-separated LDAP attributes on a user object that can be used in a group member attribute.

Group Filter

ldap.group.object.filter

LDAP filter used to identify objects of type group.

Group Search Filter

ldap.group.search.filter

LDAP filter used to search for groups according a search criteria. Searches for groups can be done using the user-search command or in Oracle VDI Manager. $SEARCH_STRING is the place holder for the search criteria.

Group Member Attributes

ldap.group.member.attributes

List of comma-separated LDAP attributes on a group object storing the users member of the group.

Group Short Attributes

ldap.group.short.attributes

List of comma-separated LDAP attributes on a group object that can be used in a user member attribute. This is typically used for Primary Group membership, which is specific to Active Directory.

Container Object Filter

ldap.container.object.filter

LDAP filter used to identify objects of type container. Containers can be selected as root for custom group filters in Oracle VDI Manager.

Container Search Filter

ldap.container.search.filter

LDAP filter used by Oracle VDI Manager to search for containers according a search criteria, when selecting a root for a custom group filter. $SEARCH_STRING is the place holder for the search criteria.

Default Attributes

ldap.default.attributes

List of comma-separated LDAP attributes loaded in the cache when looking up an object. It should contain all the attributes used in the other filters and attribute lists.

C.2.1. Default LDAP Filters and Attributes for Users, Groups and Containers

The following table contains the default LDAP filters and attributes for users, groups, and containers.

Oracle VDI Manager Name

Default Value

User Filter

(&(|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson) (objectclass=organizationalPerson))(!(objectclass=computer)))

User Search Filter

(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING) (userPrincipalName=$SEARCH_STRING)(mail=$SEARCH_STRING))

User ID Attributes

uid,sAMAccountName,userPrincipalName,mail

User Member Attributes

memberof,primaryGroupID

User Short Attributes

 

Group Filter

(|(objectclass=group)(objectclass=groupofnames) (objectclass=groupofuniquenames))

Group Search Filter

(|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING) (cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))

Group Member Attributes

member,uniquemember

Group Short Attributes

primaryGroupToken

Container Object Filter

(|(objectclass=domain)(objectclass=organization) (objectclass=organizationalUnit)(objectclass=container))

Container Search Filter

(|(cn=$SEARCH_STRING)(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes

dc,o,ou,cn,uid,mail,member,uniquemember,memberof,sAMAccountName, primaryGroupToken,primaryGroupID

C.2.2. Active Directory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Active Directory for users, groups, and containers.

If you use either the userPrincipalName attribute or the mail attribute for user identification, use this attribute instead of sAMAccountName in the following settings.

Oracle VDI Manager Name

Recommended Setting

User Filter

(&(objectclass=user)(!(objectclass=computer)))

User Search Filter

(|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))

User ID Attributes

sAMAccountName

User Member Attributes

memberof,primaryGroupID

User Short Attributes

 

Group Filter

(objectclass=group)

Group Search Filter

(cn=$SEARCH_STRING)

Group Member Attributes

member

Group Short Attributes

primaryGroupToken

Container Object Filter

(objectclass=container)

Container Search Filter

(cn=$SEARCH_STRING)

Default Attributes

cn,member,memberof,sAMAccountName,primaryGroupToken,primaryGroupID

C.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and Containers

The following table contains the recommended settings for Oracle Directory Server Enterprise Edition for users, groups, and containers.

Oracle VDI Manager Name

Recommended Setting

User Filter

(objectclass=person)

User Search Filter

(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes

uid

User Member Attributes

memberof

User Short Attributes

 

Group Filter

(objectclass=groupofuniquenames)

Group Search Filter

(cn=$SEARCH_STRING)

Group Member Attributes

uniquemember

Group Short Attributes

 

Container Object Filter

(|(objectclass=domain)(objectclass=organizationalUnit))

Container Search Filter

(|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes

dc,ou,cn,uid,uniquemember,memberof

C.2.4. OpenDS Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenDS for users, groups, and containers.

Oracle VDI Manager Name

Recommended Setting

User Filter

(objectclass=person)

User Search Filter

(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes

uid

User Member Attributes

memberof

User Short Attributes

 

Group Filter

(objectclass=groupofuniquenames)

Group Search Filter

(cn=$SEARCH_STRING)

Group Member Attributes

uniquemember

Group Short Attributes

 

Container Object Filter

(|(objectclass=domain)(objectclass=organizationalUnit))

Container Search Filter

(|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))

Default Attributes

dc,ou,cn,uid,uniquemember,memberof

C.2.5. OpenLDAP Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenLDAP for users, groups, and containers.

Oracle VDI Manager Name

Recommended Setting

User Filter

As a minimum, you must remove (!(objectclass=computer)) from the default user filter as this causes an error.

The recommended setting is: (objectclass=person).

User Search Filter

(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))

User ID Attributes

uid

User Member Attributes

memberof

User Short Attributes

 

Group Filter

(objectclass=groupofnames)

Group Search Filter

(cn=$SEARCH_STRING)

Group Member Attributes

member

Group Short Attributes

 

Container Object Filter

 

Container Search Filter

 

Default Attributes

cn,uid,member,memberof

C.2.6. Novell eDirectory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Novell eDirectory for users, groups and containers.

Oracle VDI Manager Name

Recommended Setting

User Filter

As a minimum, you must remove (!(objectclass=computer)) from the default user filter as this causes an error.

The recommended setting is: (objectclass=person).

User Search Filter

(|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(givenName=$SEARCH_STRING))

User ID Attributes

givenName,cn,uid

User Member Attributes

groupMembership

User Short Attributes

 

Group Filter

(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))

Group Search Filter

 

Group Member Attributes

member,uniquemember

Group Short Attributes

 

Container Object Filter

(objectclass=organizationalUnit)

Container Search Filter 

Default Attributes

cn,uid,givenName,groupmembership,member,uniquemember