The default search descriptor that is used for user searches is ou=people,base-search-DN
. The default search descriptor that is used for group searches is ou=group,base-search-DN
. The default search descriptor that is used for netgroup searches is ou=netgroup,base-search-DN
. If your LDAP database does not have subtrees named people
, group
, or netgroup
, then searches of the database will fail as object not found.
Edit the search descriptor fields on each tab to enter the correct subtrees to search for users, groups, and netgroups. For example, on the Users tab, you might enter the following for the search descriptor:
ou=employees,dc=example,dc=com
If your LDAP database does not have subtrees for users and groups, use this search descriptor field to re-enter the base search DN to prevent ou=people
or ou=group
from being prepended automatically. For example, enter the following in the Users or Groups search descriptor field:
dc=example,dc=com
You must include the full base search DN in the search descriptor value. Also include your scope selection. Both the base search DN and scope selection will be ignored and the search descriptor value will be used instead. The example in the previous paragraph specifies non-recursive search. To specify recursive search, change that example to the following:
dc=example,dc=com?sub