The User Search dialog is used to search a given LDAP
directory for a unique user according to the criteria configured in the
fields on this dialog.
Base Criteria:
The value entered here tells the Enterprise Gateway where it should begin
searching the LDAP directory. For example, it may be appropriate to
search for a given user under the "C=IE" tree in the LDAP hierarchy.
Query Search Filter:
The value entered here is what the Enterprise Gateway will use to determine
whether it has obtained a successful match or not. In this case, since
we are searching for a specific user, we can use the username of an
authenticated user (i.e. the value of the
authentication.subject.id message attribute) to look it up
in the LDAP directory. We must also specify the object class that defines
users for the particular type of LDAP directory that we are searching
against. For example, object classes representing users amongst common
LDAP directories are "inetOrgPerson", "givenName", and "User".
So, for example, to search for an authenticated user against Microsoft's
Active Directory, you might specify the following as the
Query Search Filter:

(objectclass=User)(cn=${authentication.subject.id})

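Because the filter is built by substituting the authenticated username into a template, any character in that name that is filter syntax under RFC 4515 (asterisk, parentheses, backslash, NUL) has to be escaped, or the search may fail or stop matching a single user. The Python below is an added example, not Enterprise Gateway code: escape_filter_value and render_filter are hypothetical names, the sample usernames are constructed, and this page does not state whether the gateway performs such escaping itself.

```python
import re

# Filter template exactly as shown on this page.
PAGE_TEMPLATE = "(objectclass=User)(cn=${authentication.subject.id})"

# RFC 4515 section 3: these characters are written as \XX inside an
# assertion value so they are treated as data, not filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches a ${attribute.name} selector in the template.
_SELECTOR = re.compile(r"\$\{([^}]+)\}")


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, attributes: dict) -> str:
    """Replace each ${name} selector with the escaped attribute value.

    Raises KeyError for an unset attribute and ValueError for an empty one,
    so a missing username cannot turn into a broader search than intended.
    """
    def substitute(match):
        name = match.group(1)
        value = attributes[name]
        if value == "":
            raise ValueError(f"empty value for {name}")
        return escape_filter_value(value)

    return _SELECTOR.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample usernames: a plain one, and one containing
    # characters that are LDAP filter syntax.
    for user in ("jsmith", "Ann (Ops)*"):
        attrs = {"authentication.subject.id": user}
        print(f"{user!r:14} -> {render_filter(PAGE_TEMPLATE, attrs)}")
```
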
Search Scope:
The checkboxes here indicate the depth of the LDAP tree that you wish to
search. The choice selected here will depend largely on the structure
of your LDAP directory.