set allow-search Command—Define a Search Profile

The set allow-search command defines a search profile to the DSA. You use search profiles to restrict the searches that users can perform.

This command has the following format:

set allow-search profileName = {
(
scope = allowedScope [,allowedScope ...]
[filter = allowedFilter [,allowedFilter ...]]
)
[,(
scope = allowedScope [,allowedScope ...]
[filter = allowedFilter [,allowedFilter ...]]
)]
...
};

profileName

Defines the name that the DSA command interpreter uses to identify the search profile. If the name contains spaces or non-alphanumeric characters, then it must be enclosed in quotes.

scope = allowedScope [,allowedScope ...]

Specifies a search scope that this search profile will allow. A scope parameter can allow multiple scope specifications, which will all share the same filter specification.

allowedScope is one of the following:

read

Allows base-object searches.

browse

Allows one-level searches.

subtree

Allows whole subtree searches.

all

Allows searches of any scope.

filter = allowedFilter [,allowedFilter ...]

(Optional) Specifies the filters that are allowed for searches with the preceding search scope. Each scope parameter can have multiple associated filters.

allowedFilter is one of the following:

and

Allows the AND operator in filters, for example, (&(oc=inetOrgPerson)(cn="john smith")).

any

Allows filters with wildcards anywhere, for example, (cn=*john*smith*).

approx

Allows pattern/phonetic matching, for example, (cn~=john smith).

equality

Allows exact match filter items, for example, (cn=john smith).

final

Allows filters with a leading wildcard, for example, (cn=*smith).

greater-or-equal

Allows the >= operator in filters, for example, (retries>=3).

initial

Allows filters with a trailing wildcard, for example, (cn=john*).

less-or-equal

Allows the <= operator in filters, for example, (retries<=3).

none

Allows searches that do not contain a filter.

not

Allows the NOT operator in filters, for example, (!(cn="john smith")).

or

Allows the OR operator in filters, for example, (|(cn="john doe")(cn="john smith")).

present

Allows filters for presence, for example, (objectClass=*).

Example: Allow Any Search

set allow-search superusers = {
( scope = all )
};

This search profile allows any search.

Example: Allow Base-Object Searches Only

set allow-search Guest = {
( scope = read )
};

This search profile allows base-object searches only. No filter is specified with the scope parameter, so the search can contain any filter or none.

Example: Allow Base-Object Searches and Some Other Searches

set allow-search userDefault = {
(scope = read),
(scope = browse, subtree
 filter = and, or, equality)
};

This search profile allows base-object searches with any filter. It allows one-level and subtree searches only if their filters use the AND operator, the OR operator, and exact-match (equality) items.
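
The profile check described above, as an added example in Python that is not part of the product documentation or the DSA's own code: it classifies each item of an LDAP filter string into the allowedFilter names listed on this page and tests a search against the userDefault profile. The tuple model of a profile, the rule that every item in a filter must be allowed, and the wildcard mapping (a single trailing wildcard is initial, a single leading wildcard is final, any other layout is any) are assumptions.

```python
import re

# Constructed model (an assumption, not DSA code) of the page's userDefault profile:
# filter None = no filter parameter on that entry, so any filter or none is accepted.
USER_DEFAULT = [({"read"}, None),
                ({"browse", "subtree"}, {"and", "or", "equality"})]
ITEM = re.compile(r"^([^=~<>]+)(~=|>=|<=|=)(.*)$", re.S)
OPS = {"~=": "approx", ">=": "greater-or-equal", "<=": "less-or-equal"}
BOOL = {"&": "and", "|": "or", "!": "not"}

def classify(oper, value):
    """Map one filter item to an allowedFilter name (wildcard rules are assumed)."""
    if oper != "=":
        return OPS[oper]
    if "*" not in value:
        return "equality"
    if value == "*":
        return "present"
    if value.count("*") > 1:
        return "any"
    return "initial" if value[-1] == "*" else "final" if value[0] == "*" else "any"

def parse(text, pos=0):
    """Return (allowedFilter names used, next offset) for the filter at pos."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos:pos + 1] in BOOL:
        used, pos = {BOOL[text[pos]]}, pos + 1
        while text[pos:pos + 1] == "(":
            sub, pos = parse(text, pos)
            used |= sub
    else:
        end = text.find(")", pos)
        match = ITEM.match(text[pos:end]) if end != -1 else None
        if not match:
            raise ValueError("malformed filter item at offset %d" % pos)
        used, pos = {classify(match.group(2), match.group(3))}, end
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return used, pos + 1

def allowed(profile, scope, text):
    """True if the profile admits a search with this scope and filter string."""
    used, end = parse(text) if text else ({"none"}, 0)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return any((scope in s or "all" in s) and (f is None or used <= f)
               for s, f in profile)
```

Under this model an unfiltered one-level or subtree search is rejected by userDefault, because none is not in its filter list; confirm that behaviour against the DSA before relying on it.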