Using a one-to-one match
A filter that maps a RACF® user
ID to only one distributed user contains a registry name value
and contains a user name value that is specified in any of the following
ways.
- As a user ID or user name defined in a non-LDAP registry.
- When you specify the user name in this way, both the distributed
user's registry and user name must exactly match the registry and
user name values in the filter.
For an example of how RACF searches for a filter that contains a non-LDAP user name, see Results for defining a filter for a non-LDAP user name.
- When you specify the user name in this way, both the distributed
user's registry and user name must exactly match the registry and
user name values in the filter.
- As an X.500 distinguished name (DN) that includes all RDNs necessary
to uniquely identify the distributed user. Depending on the particular
LDAP registry, the DN might include the
UIDorCNcomponents to uniquely identify the user.- When you specify the user name in this way, the distributed user's
registry must exactly match the registry name value in the filter, and the
distributed user's name must exactly match all RDNs specified in the
user name value in the filter.
For an example of how RACF searches for a filter that contains a full X.500 DN, see Results for defining a filter for a full X.500 DN.
- When you specify the user name in this way, the distributed user's
registry must exactly match the registry name value in the filter, and the
distributed user's name must exactly match all RDNs specified in the
user name value in the filter.