
Instead of specifying only a username field, using a filter allows compatibility with a greater variety of LDAP structures. For example, where including all valid users requires binding to a node that also includes invalid users, the filter can be set to exclude the invalid users.

LDAP

cn=${uid}

The default LDAP filter, using the common name as the username.


mail=${uid}

An example LDAP filter using the email address as the username.

ActiveDirectory

(&(objectCategory=Person)(sAMAccountName=${uid}))

The default ActiveDirectory filter uses the Windows login as the username and requires the user to have an object category of Person.


(&(objectCategory=Person)(mail=${uid})(memberOf=cn=students,dc=domain,dc=com))

An example ActiveDirectory filter that still requires the user to have an object category of Person, but this time uses the primary email address as the username and is additionally limited to users in the students security group.

 

(|(mail=${uid})(sAMAccountName=${uid}))

An example where the object category is not important and either the email address or the Windows username is accepted as the user ID. Notice the vertical bar at the beginning, which signifies OR.

 

(&(objectCategory=Person)(|(mail=${uid})(sAMAccountName=${uid})))

Similar to the above OR example, but this time the objectCategory must be Person again.
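
The following is an added example, not code from this product: it sketches how a filter template like those above can be checked and expanded for a given login, with the login value escaped per RFC 4515 so that characters such as `*`, `(` and `)` are matched literally instead of altering the filter. The function names and the plain text substitution of `${uid}` are assumptions, and the sample logins are constructed.

```python
# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by their two-digit hex code.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it is treated as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template: str) -> None:
    """Reject templates without a ${uid} placeholder or with unbalanced parentheses."""
    if "${uid}" not in template:
        raise ValueError("template has no ${uid} placeholder")
    depth = 0
    for ch in template:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in template")
    if depth != 0:
        raise ValueError("unbalanced '(' in template")


def render_filter(template: str, uid: str) -> str:
    """Hypothetical substitution step: validate the template, then insert the escaped login."""
    check_template(template)
    return template.replace("${uid}", escape_filter_value(uid))


if __name__ == "__main__":
    # Templates copied from this page; logins are constructed sample values.
    templates = [
        "cn=${uid}",
        "(&(objectCategory=Person)(sAMAccountName=${uid}))",
        "(&(objectCategory=Person)(|(mail=${uid})(sAMAccountName=${uid})))",
    ]
    for login in ["jsmith", "j*smith", "smith (temp)"]:
        for template in templates:
            print(f"{login!r:16} -> {render_filter(template, login)}")
```
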
