|
|
|
A view can be invoked by performing operations on the view entry or below.
You invoke the view by requesting a search that includes the DN of the view.
The invoking search request also specifies a filter and the scope. Both of these are passed to the view.
The DSA uses the filter only to supply values to parameters in the phases of the search.
The scope can be base-object search or a subtree search. The view does not directly use this scope specification, because the scope of each search (phase) in a view is separately defined in the view definition. Instead, the view uses the scope to determine what filter to use in its first phase of the view.
When the scope is a subtree search, the filter is not used directly and the DSA uses the filter in the search request to pass parameters to phase one of the view.
Example: Invoking a View with a Subtree Search Command
In Pay TV example, the view would be invoked by the following command;
ldapsearch -h host -p 30000 -Lb "cn=Channel list,o=Views,c=AU" -s subtree MACAddress=01:02:03 Channel
This search returns the following result if the collapse-result option is enabled:
dn: MACAddress=01:02:03,cn=Channel list,o=Views,c=AU Channel: 1 Channel: 2
Example: Invoking another View with a Subtree Search Command
ldapsearch -h host:30000 -b "cn=SIM,ou=Views,o=ACME" -s subtree (cn=John Smith) SIMCardNumber
This invokes the SIM View view. Phase one of the view should have a filter that includes the term $cn. The DSA replaces any occurrence of $cn in the view with John Smith, and then runs phase one. See also Example: Cell Phone Service Provider.
For a base-object search a filter containing (objectClass=*) can be used to read the entry and resolve the view. The filter in the phase 1 search is ignored for base-object searches, and the DSA uses the search filter you specify instead.
Base-object searches can be used to perform simple queries like (Channel=1) or (!(Channel=2)) which are applied after the view has been resolved.
Example: Base-object search
In the example above the view would be invoked by the following
ldapsearch -h host -p 30000 -Lb "MACAddress=01:02:03,cn=Channel list,o=Views,c=AU" -s base (objectClass=*) Channel
This search returns the following result if the 'collapse-result' option is enabled:
dn: MACAddress=01:02:03,cn=Channel list,o=Views,c=AU Channel: 1 Channel: 2
Example: Invocation of a View with a Base-Object Search Command
ldapsearch -h host:30000 -b "cn=SIM,ou=Views,o=ACME" -s baseobject (baseObject=*) SIMCArdNumber
This invokes the SIM View view. The phase one filter is (baseObject=*).
Many applications perform a subtree search for a specific user. The user is then authenticated via a bind using the distinguished name of the entry returned.
Example: Bind request
If a subtree search of a view entry "cn=SMUsers,o=Views,c=AU" returns the view subordinate entry "guid=1234,cn=SMUsers,o=Views,c=AU", a bind for this user can be performed. The directory processes the bind in this manner::
When a user is authenticated by the view some applications update lastLogin information for that user. When a modify request is received for a view subordinate entry the following processing will take place:
Note: Updates are only applied to the entry returned by the phase 1 search.
When a compare request is received for a view subordinate entry the following processing will take place:
Note: Compares are only applied to the entry returned by the phase 1 search.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |