class Filter

ManagedElement
SystemFunctions
SecM
UserManagement
LdapAuthenticationMethod
Ldap
Filter

Indicates the filter used to locate the user's authorization profile in the LDAP directory.

This class must be used when profileFilter in Ldap MO is set to FLEXIBLE.

Example of use with POSIX group objects as authorization profile:

The user authorization profile is mapped to posixGroups in the LDAP schema. Each posixGroup contains a set of users and by this association, users are mapped into one or more groups. To identify the set of groups a user is a member of, the following search filter must be used:

(&(objectClass=posixGroup)(memberUid=%u)) cn

where %u is the user ID parameter used during authentication and cn is the common name value returned for the posixGroup. This must match an authorization entity, for example role, in an authorization method. (&(objectClass=posixGroup)(memberUid="")) is the search filter contained by the filter attribute.

This MO is created by the system.

Attributes
string[0..1]
filter
The filter used to search in the LDAP tree.

Example: (&(objectClass=posixGroup)(memberUid="")),

This specifies a filter, where the authorized users are members of posixGroup objects in the LDAP schema. Double quotes indicate where the ME inserts the user identifier.
string
key
mandatory
noNotification
restricted
filterId
The value component of the RDN.
string[0..1]
type
Determines which attribute to retrieve from an element in the database.

The value can be the name of any parameter in the LDAP schema, for example, 'cn'.
string[0..1]
userLabel
An additional descriptive text.

  class Filter