Specifying LDAP Group fields
You must specify the LDAP Group fields if you have selected LDAP security for the database repository.
- Base RDN
- Use this field to specify the relative distinguished name for a group. For example: o=Sales.
- Search scope
- Specifies the possible scopes for the directory search. You can
specify:
- One level: To search the one level below the Base RDN level, excluding the base object.
- Subtree: To search the whole subtree rooted at the Base RDN level, including the base object and all its child objects.
- Object class
- Specify the object class to which the group belongs. For example:
objectclass:posixGroup
indicates that all entries under Base RDN belong to theposixGroup
class. - Name attribute
- Specify the name of an attribute whose value specifies the group name.
- Description attribute
- Specify the name of an attribute whose value specifies the description of the group.
- Name filter
- This field specifies the standard search string that will be used to search groups by name. This field is generated based on the values that you specify in the Name attribute and Object class fields.
- All groups filter
- This field specifies the standard search string that will return all the groups under the Base RDN. This field is generated based on the values that you specify in the Name attribute and Object class fields.
- User's group
- Use this field to specify the group to which the member belongs.
- Administrator's group
- Use this field to specify the group whose members will be granted administrator permissions within the content of the QMF products.
- Member attribute
- Specifies the name of a groups entry's attribute whose value specifies membership in the group. You can specify an RDN that will refer to a user entry or a user's name.
- Member type
- Specifies the member type based on what was specified in the Member attribute field. If you specified an RDN in the Member attribute field, the member type is DN. If you specified a user name in the Member attribute field, the member type is Value.
- Identity type
- Specifies the attribute that is used to identify the group and
the type of access the group has to the repository. Using the identity
attribute ensures retaining the granted permissions to the repository
for the group, if the group is renamed or moved to another folder
in the LDAP directory. The possible values are the following:
- DN is the default value. It means that the distinguished name for the group is used for identification.
- Custom attribute means that the name of the attribute specified in the Custom Attribute field is used for identification.
- Custom attribute
- This field is available only if you selected Custom attribute identity type. Specify the name of an attribute which value will be used for identification of the group.