Sun Java System Messaging Server 6 2005Q4 Administration Guide

To Define Dynamic Membership Criteria

Dynamic criteria consist of LDAP search URLs that are used as filters in searching the user directory for determining membership. This mechanism is dynamic in that, when a message arrives for the group, the individuals that receive it are determined by a directory search rather than by consulting a static list of names. You can thus create and maintain very large or complex groups without having to track each member explicitly.

LDAP search filters must be formatted in LDAP URL syntax. For more detailed information on constructing LDAP filters, see the chapter on User and Group Administration of the Sun ONE Server Console 5.2 Server Management Guide. See also the Sun Java System Directory Server documentation and RFC 1959.

An LDAP URL has the following syntax:

ldap://hostname:port/base_dn?attributes?scope?filter

where the options of the URL have the following meanings:

Table C–1 LDAP URL Options

| Option | Description |
|---|---|
| hostname | Host name of the Directory Server (defaults to the Directory Server host name used by Messaging Server). |
| port | Port number for the LDAP server. If no port is specified, it defaults to the standard LDAP port used by Messaging Server. |
| base_dn | Distinguished name of an entry in the directory, to be used as the search base. This component is required. |
| attributes | The attributes to be returned. These attributes are supplied by Messaging Server. |
| scope | Scope of search. A scope of base retrieves information only on the search base (base_dn) itself. A scope of one retrieves information one level below the search base (the search-base level is not included). A scope of sub retrieves information on the search base and all entries below the search base. |
| filter | Search filter to apply to entries within the specified scope of the search. If no filter is specified, (objectclass=*) is used. |

The following is an example of an LDAP search URL that filters for users who have Sunnyvale as their mail host:

ldap:///o=Siroe Corp,c=US??sub?(&(mailHost=sunnyvale.siroe.com)
  (objectClass=inetLocalMailRecipient))

The above URL filters for users who are members of the organization Siroe Corp (o=Siroe Corp), in the United States (c=US), and have a mail host of Sunnyvale (mailHost=sunnyvale.siroe.com). The objectClass attribute defines the type of entry for which to search, in this case inetLocalMailRecipient (objectClass=inetLocalMailRecipient).
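The following is an added example, not part of the original guide or of Messaging Server: a Python sketch that splits a dynamic-membership URL into the options of Table C–1 and flags criteria worth reviewing before they are saved, such as a missing base_dn or a defaulted filter that makes every entry in scope a group member. The function names are hypothetical, and the scope default of base comes from RFC 2255 rather than from this page.

```python
from urllib.parse import unquote

DEFAULT_FILTER = "(objectclass=*)"      # filter used when none is given (Table C-1)
VALID_SCOPES = {"base", "one", "sub"}

def parse_ldap_url(url):
    """Split ldap://hostname:port/base_dn?attributes?scope?filter into its options."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    hostport, _, rest = url[len("ldap://"):].partition("/")
    parts = (rest.split("?", 3) + ["", "", ""])[:4]   # a '?' inside the filter stays there
    base_dn, attrs, scope, flt = (unquote(p).strip() for p in parts)
    host, _, port = hostport.partition(":")
    return {
        "hostname": host or None,          # None: server default applies
        "port": int(port) if port else None,
        "base_dn": base_dn,
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope.lower() or "base",  # RFC 2255 default; not stated on this page
        "filter": flt or DEFAULT_FILTER,
    }

def balanced(flt):
    """True if every '(' in the filter is closed in order."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def review_membership_url(url):
    """Return review findings for a dynamic-membership URL (empty list = none)."""
    u, findings = parse_ldap_url(url), []
    if not u["base_dn"]:
        findings.append("base_dn missing (required component)")
    if u["scope"] not in VALID_SCOPES:
        findings.append(f"unknown scope {u['scope']!r}")
    if not balanced(u["filter"]):
        findings.append("filter parentheses are unbalanced")
    if u["filter"].replace(" ", "").lower() == DEFAULT_FILTER and u["scope"] != "base":
        findings.append("filter matches every entry in scope")
    return findings

if __name__ == "__main__":
    # First URL is the page's example; the second is constructed for illustration.
    for url in ("ldap:///o=Siroe Corp,c=US??sub?(&(mailHost=sunnyvale.siroe.com)(objectClass=inetLocalMailRecipient))",
                "ldap:///o=Siroe Corp,c=US??sub"):
        print(url, "->", review_membership_url(url) or "no findings")
```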

Note that when you create a search filter using Console, all group names are ignored; that is, only user names are included in the search results whereas group members are not. The purpose of this setting is to avoid duplicating users that are also group members in the search results. This setting can be overridden using the command line configuration utility (configutil), but it is not recommended.

As noted in the next section, Console provides a template window (the Construct LDAP Search URL window) that you can use as an aid in building a search URL.