Specifying LDAP User fields
You must specify the LDAP User fields if you have selected LDAP security for the database repository.
- Base RDN
- Use this field to specify the relative distinguished name for a user. For example: uid=Mike.
- Search Scope
- Specifies the possible scopes for the directory search. You can
specify:
- Onelevel: To search the one level below the Base RDN level, excluding the base object.
- Subtree: To search the whole subtree rooted at the Base RDN level, including the base object and all its child objects.
- Object class
- Specify the object class to which the user belongs. For example:
objectclass:sales
indicates that all entries under Base RDN belong to thesales
class. - Name attribute
- Specify the name of an attribute whose value specifies the user name.
- Description attribute
- Specify the name of an attribute whose value specifies the description of the user.
- Name filter
- This field specifies the standard search string that will be used to search users by name. This field is generated based on the values that you specify in the Name attribute and Object class fields.
- All users filter
- This field specifies the standard search string that will return all the users under the Base RDN. This field is generated based on the values that you specify in the Name attribute and Object class fields.
- Full name attribute
- Use this field to specify the name of the attribute that contains a user's full name.
- Login attribute
- Specify the name of an attribute whose value specifies the login of the user.
- Identity type
- Specifies the attribute that is used to identify the user and
the type of access the user has to the repository. Using the identity
attribute ensures retaining the granted permissions to the repository
for the user, if the user is renamed or moved to another folder in
the LDAP directory. The possible values are the following:
- DN is the default value. It means that the distinguished name for the user is used for identification.
- Login attribute means that the name of the attribute specified in the Login attribute field is used for identification.
- Custom attribute means that the name of the attribute specified in the Custom attribute field is used for identification.
- Custom attribute
- This field is available only if you selected Custom attribute identity type. Specify the name of an attribute which value will be used for identification of the user.
Note: If a user and a group have
the same value of identity attribute, they are determined as different
security objects in the repository.