Adding an LDAP Query Role

About this task

An LDAP query role is based on an LDAP query to an external directory service. Any user or group that meets the requirements of the query is a member of the role.

To create an LDAP query role

Procedure

  1. On the Common Directory Services page, click Roles.
  2. Click the Add Role icon.
  3. In the Role Name field, type the name that you want to assign to the new role.

    Valid role names can contain only letters, numbers, underscores, or space characters.

  4. From the Role Provider drop-down list, select LDAP Query Role Provider.
  5. Click Apply.
  6. On the Roles page, click the name of the newly created role, or click the Actions icon and then click Edit.
  7. In the Role Membership section:
    1. In the LDAP Query field, type a valid LDAP query.
    2. Select the Simple Query option if the query in the LDAP Query field contains simplified LDAP query syntax.
      Note: Full LDAP query syntax can be cumbersome to use unless you are creating a complex query. With the Simple Query option, the syntax is filled in for you. For example, to find all persons whose manager has the user ID abrown, the simple query syntax is manager=abrown.
    3. Select a directory service from the Directory Service drop-down list.
    4. In the Principal Type list, choose whether the query searches for Users or Groups.
  8. Click Save.
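
Because every entry that meets the query becomes a member of the role, it helps to check a query against known entries before saving it. The following Python sketch is an added example, not part of the product or its documentation: it evaluates a subset of LDAP filter syntax over constructed sample entries. It assumes that a simple query such as manager=abrown expands to (manager=abrown); the names ENTRIES, parse, matches and role_members are hypothetical.

```python
# Added example, not product code. ENTRIES is constructed; manager holds a bare user ID for brevity.
ENTRIES = [
    {"uid": ["abrown"], "objectClass": ["person"], "manager": ["cjones"]},
    {"uid": ["dlee"], "objectClass": ["person"], "manager": ["abrown"]},
    {"uid": ["esmith"], "objectClass": ["person"], "manager": ["abrown"]},
    {"cn": ["printers"], "objectClass": ["groupOfNames"]},
]

def parse(f, i=0):
    """Parse an RFC 4515 subset (&, |, !, equality, presence); return (node, next index)."""
    if f[i:i + 1] != "(":  # slices yield "" past the end, so truncation raises ValueError
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    elif f[i:i + 1] == "!":
        kid, i = parse(f, i + 1)
        node = ("!", [kid])
    else:
        j = f.index(")", i)  # raises ValueError if the item is unterminated
        attr, sep, val = f[i:j].partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"expected attr=value at offset {i}")
        node, i = ("=", attr.strip().lower(), val), j
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality is assumed)."""
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, val = node
    have = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(have) if val == "*" else val.lower() in have  # "*" is a presence test

def role_members(query, entries, simple=False):
    """Names of entries the query admits; simple=True wraps attr=value (assumed expansion)."""
    f = f"({query.strip()})" if simple else query.strip()
    node, end = parse(f)
    if end != len(f):
        raise ValueError(f"unexpected text at offset {end}")
    return [(e.get("uid") or e["cn"])[0] for e in entries if matches(node, e)]
```

In this sample data a query such as (objectClass=*) admits every entry, including the group, which is the kind of over-broad membership worth catching before you click Save.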