Specifying LDAP User fields

You must specify the LDAP User fields if you have selected LDAP security for the database repository.

Base RDN
Use this field to specify the relative distinguished name for a user. For example: uid=Mike.
Search Scope
Specifies the possible scopes for the directory search. You can specify:
  • Onelevel: To search the one level below the Base RDN level, excluding the base object.
  • Subtree: To search the whole subtree rooted at the Base RDN level, including the base object and all its child objects.
Object class
Specify the object class to which the user belongs. For example: objectclass:sales indicates that all entries under Base RDN belong to the sales class.
Name attribute
Specify the name of an attribute whose value specifies the user name.
Description attribute
Specify the name of an attribute whose value specifies the description of the user.
Name filter
This field specifies the standard search string that will be used to search users by name. This field is generated based on the values that you specify in the Name attribute and Object class fields.
All users filter
This field specifies the standard search string that will return all the users under the Base RDN. This field is generated based on the values that you specify in the Name attribute and Object class fields.
Full name attribute
Use this field to specify the name of the attribute that contains a user's full name.
Login attribute
Specify the name of an attribute whose value specifies the login of the user.
Identity type
Specifies the attribute that is used to identify the user and the type of access the user has to the repository. Using the identity attribute ensures retaining the granted permissions to the repository for the user, if the user is renamed or moved to another folder in the LDAP directory. The possible values are the following:
  • DN is the default value. It means that the distinguished name for the user is used for identification.
  • Login attribute means that the name of the attribute specified in the Login attribute field is used for identification.
  • Custom attribute means that the name of the attribute specified in the Custom attribute field is used for identification.
Custom attribute
This field is available only if you selected Custom attribute identity type. Specify the name of an attribute which value will be used for identification of the user.
Note: If a user and a group have the same value of identity attribute, they are determined as different security objects in the repository.