set view "SIM View" = {
description = "Display Sim Number given a name"

This line defines a view and gives it a name. The name and description are displayed from the get view command.

entry = <o ACME><ou Views><cn "SIM">

This line defines the base object DN for this view. The user specifies this virtual entry to invoke the view, so to invoke this view with the ldapsearch command, the command line must include the following option:

-b "cn=SIM,ou=Views,o=ACME"

In this organization (ACME), the administrator has included an organizational unit called Views solely to ensure that all the view DNs are unique.

(phase = 1
 subtree = "ou=Customers,o=ACME"
 filter = "(cn=$cn)"
 ),

This is the first phase of the view, so it must be labeled 1.

When the view is invoked, the phase searches the subtree starting at the following DN:

"ou=Customers,o=ACME"

The use of the term $cn in the phase means that users must specify the value of cn when they invoke the view. For example, the search could include the filter:

(cn="John Smith")

The DSA uses this value to replace $cn term. Therefore, phase 1 performs a search with the following filter:

(cn="John Smith")

Because the phase does not include any other options, the phase returns all the information for the entries in the subtree that match the filter.

(phase = 2
 subtree = "ou=cellphones,ou=Accounts,o=ACME"
 filter = "(account=$1:cellphone)"
 eis = simCardNumber
 options = result-required
 )
};

This is the second phase of the view, so it must be labeled 2.

This phase searches the following subtree:

"ou=cellphones,ou=Accounts,o=ACME"

The DSA replaces $1:cellphone with the value of the cellphone attribute returned by phase 1, for example, 01001001001

The eis option means that the only attribute value that the phase returns is simCardnumber.

If the customer has two phones, then the filter is an OR of the phone numbers returned, as in the following example:

(|(account=01001001001)(account=01001001002)

Two simCardNumber values are returned in this case.

Because this phase specifies result-required, the DSA checks that the link between the attributes in each subtree is valid. If the link is not valid, then it raises an alarm.