ExternalAuthPostUrlTemplate LDAP Attribute



 Syntax 

 IA5 string (ASCII), single-valued 

 OID 

 2.16.840.1.113894.1009.1.102.1.1003.1.1 



Definition

This attribute is used for finding the internal Directory Server entry for a user who has authenticated against an external Directory Server. It sets the LDAP URL that must be used to map the user who has authenticated against the external Directory Server to a user in the internal Directory. It is used in conjunction with the  attribute and must be added to each domain  entry associated with that external directory.

The attribute value is an LDAP URL of the form: ldap:///&#x3c;search base DN&#x3e;?&#x3c;attributes&#x3e;?&#x3c;scope&#x3e;?&#x3c;earch filter&#x3e; where:



 : Specifies the search base DN from which to perform searches. It can  be a template or a fixed DN. 

 : Specifies the list of attributes to be  retrieved. It must include the  attribute. 

 : Should be  ,  , or. </li>

 : Specifies either a template or a  fixed filter. </li>

</ul>

Note: No server name is used in this LDAP URL (it must be empty), because the lookup is performed against the internal Directory Server.

Both the search base DN and search filter can be templates containing the following patterns:

<ul>

 (full login id) </li>

 (user part of login id) </li>

 (domain part of login id) </li>

 (value of attribute specified) </li>

</ul>

Note: The % character in %o, %U, %V, and %A needs to be encoded as per the general URI definition. That is, the % character becomes %25.

Example

Consider the following LDAP URL: ldap:///uid=%25A&#x5b;ucsUid&#x5d;,ou=people,o=example.com?mail?base?(objectclass=&#x2a;) In this example, a search is constructed against the internal User/Group directory with the following values:

<ul>

 base DN: </li>

 scope: </li>

 filter: </li>

 attributes to retrieve: </li>

</ul>