C.2. LDAP Filters And Attributes For Users, Groups, And Containers

Maybe your like

C.2. LDAP Filters and Attributes for Users, Groups, and Containers
Prev	Appendix C. User Directory LDAP Filters and Attributes	Next

C.2. LDAP Filters and Attributes for Users, Groups, and Containers

C.2.1. Default LDAP Filters and Attributes for Users, Groups and ContainersC.2.2. Active Directory Settings for Users, Groups, and ContainersC.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and ContainersC.2.4. OpenDS Settings for Users, Groups, and ContainersC.2.5. OpenLDAP Settings for Users, Groups, and ContainersC.2.6. Novell eDirectory Settings for Users, Groups, and Containers

Oracle VDI Manager Name	CLI Property Name	Description
User Filter	ldap.user.object.filter	LDAP filter used to identify objects of type user
User Search Filter	ldap.user.search.filter	LDAP filter used to search for users according a search criteria. Searches for users can be done using the user-search command or in the web administration console. $SEARCH_STRING is the place holder for the search criteria
User ID Attributes	ldap.userid.attributes	List of comma-separated LDAP attributes storing the userid value for user objects. This is used to find a user given its userid
User Member Attributes	ldap.user.member.attributes	List of comma-separated LDAP attributes on a user object storing the groups the user is a member of
Group Filter	ldap.group.object.filter	LDAP filter used to identify objects of type group
Group Search Filter	ldap.group.search.filter	LDAP filter used to search for groups according a search criteria. Searches for groups can be done using the user-search command or in the web administration console. $SEARCH_STRING is the place holder for the search criteria
Group Member Attributes	ldap.group.member.attributes	List of comma-separated LDAP attributes on a group object storing the users member of the group
Group Short Attributes	ldap.group.short.attributes	List of comma-separated LDAP attributes on a group object storing the information for primary group membership. Primary group membership is specific to Active Directory.
Container Object Filter	ldap.container.object.filter	LDAP filter used to identify objects of type container. Containers can be selected as root for custom group filters in the web administration console
Container Search Filter	ldap.container.search.filter	LDAP filter used by the web administration console to search for containers according a search criteria, when selecting a root for a custom group filter. $SEARCH_STRING is the place holder for the search criteria
Default Attributes	ldap.default.attributes	List of comma-separated LDAP attributes loaded in the cache when looking up an object. It should contain all the attributes used in the other filters and attribute lists.

C.2.1. Default LDAP Filters and Attributes for Users, Groups and Containers

The following table contains the default LDAP filters and attributes for users, groups, and containers.

Oracle VDI Manager Name	Default Value
User Filter	(&(\|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson) (objectclass=organizationalPerson))(!(objectclass=computer)))
User Search Filter	(\|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING) (userPrincipalName=$SEARCH_STRING)(mail=$SEARCH_STRING))
User ID Attributes	uid,sAMAccountName,userPrincipalName,mail
User Member Attributes	memberof,primaryGroupID
Group Filter	(\|(objectclass=group)(objectclass=groupofnames) (objectclass=groupofuniquenames))
Group Search Filter	(\|(dc=$SEARCH_STRING)(o=$SEARCH_STRING)(ou=$SEARCH_STRING) (cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(mail=$SEARCH_STRING))
Group Member Attributes	member,uniquemember
Group Short Attributes	primaryGroupToken
Container Object Filter	(\|(objectclass=domain)(objectclass=organization) (objectclass=organizationalUnit)(objectclass=container))
Container Search Filter	(\|(cn=$SEARCH_STRING)(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))
Default Attributes	dc,o,ou,cn,uid,mail,member,uniquemember,memberof,sAMAccountName, primaryGroupToken,primaryGroupID

C.2.2. Active Directory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Active Directory for users, groups, and containers.

If you use either the userPrincipalName attribute or the mail attribute for user identification, use this attribute instead of sAMAccountName in the following settings.

Oracle VDI Manager Name	Recommended Setting
User Filter	(&(objectclass=user)(!(objectclass=computer)))
User Search Filter	(\|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))
User ID Attributes	sAMAccountName
User Member Attributes	memberof,primaryGroupID
Group Filter	(objectclass=group)
Group Search Filter	(cn=$SEARCH_STRING)
Group Member Attributes	member
Group Short Attributes	primaryGroupToken
Container Object Filter	(objectclass=container)
Container Search Filter	(cn=$SEARCH_STRING)
Default Attributes	cn,member,memberof,sAMAccountName,primaryGroupToken,primaryGroupID

C.2.3. Oracle Directory Server Enterprise Edition Settings for Users, Groups, and Containers

The following table contains the recommended settings for Oracle Directory Server Enterprise Edition for users, groups, and containers.

Oracle VDI Manager Name	Recommended Setting
User Filter	(objectclass=person)
User Search Filter	(\|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))
User ID Attributes	uid
User Member Attributes	memberof
Group Filter	(objectclass=groupofuniquenames)
Group Search Filter	(cn=$SEARCH_STRING)
Group Member Attributes	uniquemember
Group Short Attributes	empty
Container Object Filter	(\|(objectclass=domain)(objectclass=organizationalUnit))
Container Search Filter	(\|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))
Default Attributes	dc,ou,cn,uid,uniquemember,memberof

C.2.4. OpenDS Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenDS for users, groups, and containers.

Oracle VDI Manager Name	Recommended Setting
User Filter	(objectclass=person)
User Search Filter	(\|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))
User ID Attributes	uid
User Member Attributes	memberof
Group Filter	(objectclass=groupofuniquenames)
Group Search Filter	(cn=$SEARCH_STRING)
Group Member Attributes	uniquemember
Group Short Attributes	empty
Container Object Filter	(\|(objectclass=domain)(objectclass=organizationalUnit))
Container Search Filter	(\|(dc=$SEARCH_STRING)(ou=$SEARCH_STRING))
Default Attributes	dc,ou,cn,uid,uniquemember,memberof

C.2.5. OpenLDAP Settings for Users, Groups, and Containers

The following table contains the recommended settings for OpenLDAP for users, groups, and containers.

Oracle VDI Manager Name	Recommended Setting
User Filter	You must remove (!(objectclass=computer)) from the default filter. Recommended is (objectclass=person).
User Search Filter	(\|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING))
User ID Attributes	uid
User Member Attributes	memberof
Group Filter	(objectclass=groupofnames)
Group Search Filter	(cn=$SEARCH_STRING)
Group Member Attributes	member
Group Short Attributes	empty
Container Object Filter
Container Search Filter
Default Attributes	cn,uid,member,memberof

C.2.6. Novell eDirectory Settings for Users, Groups, and Containers

The following table contains the recommended settings for Active Directory for users, groups and containers.

Oracle VDI Manager Name	Recommended Setting
User Filter	You must remove (!(objectclass=computer)) from the default filter. Recommended is (objectclass=person).
User Search Filter	(\|(cn=$SEARCH_STRING)(uid=$SEARCH_STRING)(givenName=$SEARCH_STRING))
User ID Attributes	givenName,cn,uid
User Member Attributes	groupMembership
Group Filter	(\|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames))
Group Search Filter
Group Member Attributes	member,uniquemember
Group Short Attributes	empty
Container Object Filter	(objectclass=organizationalUnit)
Container Search Filter
Default Attributes	cn,uid,givenName,groupmembership,member,uniquemember

Prev	Up	Next
C.1. How to Edit LDAP Filters and Attributes	Home	C.3. LDAP Filters and Attributes for Global Oracle VDI Centers

Tag » Active Directory Search Filter Group

C.2. LDAP Filters And Attributes For Users, Groups, And Containers