InetDomainSearchFilter LDAP Attribute



 Syntax 

 directory string (UTF-8), single-valued 

 OID 

 2.16.840.1.113894.1009.1.101.0.1055.1.1 



Definition

LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.

Used during authentication to map login name in that domain to an LDAP entry. The following variables can be used in constructing the filter:



 %U - Name part of the login name (that is, everything before the login separator stored in the servers configuration) 

 %V--Domain part of the login string 

 %o--Original login ID entered by the user </li>

</ul>

If this attribute is missing, it is equivalent to: (&(objectclass=inetOrgPerson)(uid=%U)) Namespaces where users are provisioned with compound userIDs, such as, where   is the userID and   is the domain, would use a search filter of: uid=%U_%V This maps a login string of  (where @ is the login separator for the service) into a search request by the service for an entry&#x27;s namespace of  , where.

An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be: (&(objectclass=inetOrgPerson)(empID=%U)) This attribute must return a unique match for valid users within the  subtree.

Example inetDomainSearchFilter: uid=%U