Previous Topic: How to Install the Agent SilentlyNext Topic: Install the Agent as a Windows Service

Installing on WindowsHow to Install the Agent SilentlyLDAP User Search Filter

LDAP User Search Filter

You can use an RFC-2254-compliant search filter for locating a user.

LDAPFILTER=\"search-filter\"

(Optional) Defines an RFC-2254-compliant search filter for locating a user. For example, when a user attempts to log in to the product, this filter is used to search for the user in the LDAP server.

Enter the back slashes (\) and quotation marks (" ") literally as shown.

Default: (&(objectclass=person)(user-attribute-name=<placeholder>))

Note: The complete expression for the search filter used by your LDAP server may differ from the default value, depending on how your LDAP server has been configured. For details, see your system administrator.

(user-attribute-name=<placeholder>)

Specifies the LDAP User attribute name and its placeholder used in the search.

user-attribute-name

Defines your LDAP server's attribute name for user name. This value must be the same as the value specified for your LDAP server by the LDAP User Attribute name parameter, ‑ldapattrusrname=attribute name.

<placeholder>

Identifies a literal constant placeholder for user-attribute-name. Enter exactly the same value as user-attribute-name and enclose the value with angle brackets (< >), as shown in the following examples.

Examples

These examples use the default search filter.

If ‑ldapattrusrname=uid for your LDAP server, then the search filter is:

(&(objectclass=person)(uid=<uid>))

If ‑ldapattrusrname=cn for your LDAP server, then the search filter is:

(&(objectclass=person)(cn=<cn>))

If ‑ldapattrusrname=uname for your LDAP server, then the search filter is:

(&(objectclass=person)(uname=<uname>))

Examples: How the Search Filter is Used

The search filter is used to find a user name when it is required by any operation. For example, consider (&(objectclass=person)(uid=<uid>)): When a user attempts to log in to the product, <uid> is replaced dynamically with the user's user name, and the LDAP directory is searched for this user.

These examples use the default search filter and use the setting ‑ldapattrusrname=uid:

When the user amy33 attempts to log on, the search filter used to locate this user is:

(&(objectclass=person)(uid=<amy33>))

When the user john22 attempts to log on, the search filter used to locate this user is:

(&(objectclass=person)(uid=<john22>))