InetDomainSearchFilter LDAP Attribute

From Messaging Server Technical Reference Wiki
Jump to: navigation, search

directory string (UTF-8), single-valued


LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.

Used during authentication to map login name in that domain to an LDAP entry. The following variables can be used in constructing the filter:

  • %U - Name part of the login name (that is, everything before the login separator stored in the servers configuration)
  • %V--Domain part of the login string
  • %o--Original login ID entered by the user

If this attribute is missing, it is equivalent to:


Namespaces where users are provisioned with compound userIDs, such as, where john is the userID and is the domain, would use a search filter of:


This maps a login string of (where @ is the login separator for the service) into a search request by the service for an entry's namespace of, where

An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be:


This attribute must return a unique match for valid users within the inetDomainBaseDN subtree.


inetDomainSearchFilter: uid=%U