z/OS Security Server RACF Security Administrator's Guide


The user name portion of the filter

SA23-2289-00

Define the user name portion of the distributed identity filter using the USERDIDFILTER operand. You can specify the user name in any of the following three formats.
  1. As a single asterisk (X'5C') to indicate that any user name matches this portion of the filter.
  2. As a simple character string, such as a user ID or user name defined in a non-LDAP registry.
  3. As a character string that represents an X.500 distinguished name (DN), as defined by RFC2253 from the Internet Engineering Task Force (IETF).

    A DN consists of one or more relative distinguished names (RDNs). Each RDN consists of an attribute type and attribute value, separated by an equal sign (=). RDNs are separated by a comma (,).

    When you specify the user name as an X.500 DN, you must specify the value in its canonical form, as it is defined within the user registry with the RDNs specified in their correct sequence.

    For example, for users of WebSphere® Application Server applications, the canonical form of the user name must match the value returned by the WSCredential interface method called getUniqueSecurityName().

    Note: When you specify the user name as an X.500 DN, the name is normalized before it is stored in the IDIDMAP profile. The normalized form of the DN appears in the output of the RACMAP LISTMAP command. For details about how the DN is normalized, see the description of the USERDIDFILTER operand of the RACMAP MAP function in z/OS Security Server RACF Command Language Reference.

Examples of user names:
USERDIDFILTER(NAME('DENICE'))
USERDIDFILTER(NAME('UID=BobC,CN=Bob Cook,OU=Accounting,O=BobsMart,C=US'))
USERDIDFILTER(NAME('OU=Accounting,O=BobsMart,C=US'))
USERDIDFILTER(NAME('*'))
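
The three formats can be told apart mechanically before a value is used in a filter. The following Python sketch is an added example, not IBM code: it classifies a candidate user name and splits a DN into its RDNs in the order given, honoring RFC 2253 backslash escapes and quoted values. The function names are hypothetical, the rule that a value counts as a DN only when every component is a type=value pair is an assumption, and the sketch does not reproduce RACF's normalization or matching.

```python
import re

# RFC 2253 attribute type: a descriptor (letter first) or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_rdns(dn):
    """Split a DN on commas that are neither backslash-escaped nor inside quotes."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def classify_user_name(value):
    """Return (format, rdns); format is 'wildcard', 'dn' or 'simple'."""
    if value == "*":
        return "wildcard", []
    rdns = []
    for rdn in split_rdns(value):
        attr, eq, val = rdn.partition("=")
        # Assumption: a value is treated as a DN only if every component
        # is a well-formed type=value pair; anything else is a simple string.
        if not (eq and val and ATTR_TYPE.match(attr.strip())):
            return "simple", []
        rdns.append((attr.strip(), val))
    return "dn", rdns     # order preserved: RDN sequence is significant

if __name__ == "__main__":
    samples = [            # first four are the page's examples; the last is constructed
        "DENICE",
        "UID=BobC,CN=Bob Cook,OU=Accounting,O=BobsMart,C=US",
        "OU=Accounting,O=BobsMart,C=US",
        "*",
        r"CN=Cook\, Bob,O=BobsMart",
    ]
    for s in samples:
        print(f"{s!r:60} -> {classify_user_name(s)}")
```

A value that comes back as 'simple' when a DN was intended usually has a malformed RDN, which is worth catching before the filter is defined.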

For complete syntax details for defining the USERDIDFILTER value using the RACMAP command, see z/OS Security Server RACF Command Language Reference.

The user name value is stored in the IDIDMAP profile as the profile name in UTF-8 data. For information about the encoded UTF-8 data in IDIDMAP profiles, see Restrictions for UTF-8 data values.

For details about how RACF® matches the distributed user's registry and user name with your specified filter values, see How RACF matches filter values.





Copyright IBM Corporation 1990, 2014