ExternalAuthPreUrlTemplate LDAP Attribute



 Syntax 

 IA5 string (ASCII), single-valued 

 OID 

 2.16.840.1.113894.1009.1.102.1.1002.1.1 



Definition

This attribute is used to authenticate against external Directory Servers. It is used to set the LDAP URL that defines how users must be searched for in the external Directory Server against which authentication is performed. You must add this attribute to each domain entry associated with that external directory. The attribute value is an LDAP URL of the form: ldap://&#x3c;server name&#x3e;/&#x3c;search base DN&#x3e;?&#x3c;attributes&#x3e;?&#x3c;scope&#x3e;?&#x3c;search filter&#x3e; where:



 :  Specifies the LDAP pool identifier, defined in the Calendar Server   configuration for that specific external directory server. See the    command for more information   on how to configure the LDAP pool. 

 :  Specifies either a template or fixed DN. 

 :  Specifies a list of attributes to be retrieved that are required to   perform external authentication and mapping to the internal   Communications Suite directory. </li>

 :  Should be ,  , or. </li>

 :  Specifies either a template or a fixed filter. </li>

</ul>

Both the search base DN and search filter can be templates containing the following patterns:

<ul>

 %o (original login ID, as provided by the user over protocol) </li>

 %U (user part of login ID) </li>

 %V (domain part of login ID) </li>

</ul>

Note: The % character in %o, %U, and %V needs to be encoded as per the general URI definition. That is, the % character becomes %25.

Examples

Consider the following LDAP URL: ldap://examplepool/ou=people,o=example.com?mail?sub?(uid=%25o) In this example, for a user with login ID, the following subtree search is issued:

<ul>

 basedn: </li>

 filter: </li>

</ul>

Consider the following LDAP URL where example.com is the default domain: ldap://examplepool/cn=%U,ou=people,o=example.com?mail?base?(objectclass=&#x2a;) In this example, for a user with a login ID of John Doe, the following search is issued:

<ul>

 basedn: </li>

 filter: </li>

</ul>

If more than one entry matches the search, the authentication is rejected.