Viewing the LDAP Schema Properties section, LDAP Schema Properties section components – HP Secure Key Manager User Manual

Figure 71 Viewing the LDAP Schema Properties section

The following table describes the components of the LDAP Schema Properties section.

Table 52 LDAP Schema Properties section components

Component: User Base DN
Description: The base distinguished name (DN) from which to begin the search for usernames.

Component: User ID Attribute
Description: The attribute type for the user on which to search. The attribute type you choose must result in globally unique users.

Component: User List Filter
Description: The search filter for users, for example:
(& (objectClass=user) (objectCategory=person))
To specify all, use:
(objectClass=*)

Component: Group Base DN
Description: The base DN from which to begin the search for groups.

Component: Group ID Attribute
Description: The attribute type for the group on which to search.

Component: Group List Filter
Description: The search filter for groups, for example:
(objectClass=group)

Component: Group Member Attribute
Description: The Group Member Attribute is the attribute that is used to search for a user within a group, for example, member. The format of the Group Member attribute may be a user ID or a DN and is determined by the next setting.

Component: Group Member Attribute Format
Description: The Group Member attribute can take one of two formats:
- User ID
- User DN

Component: Search Scope
Description: The Search Scope determines how deep within the LDAP user directory the KMS Server searches for a user or group.
- One Level: search only the children of the base node
- Subtree: search all the descendants of the base node. Depending on the size of your LDAP directory, this can be very inefficient.

NOTE: The LDAP protocol supports four search scopes: base, one level, subtree and children. The KMS Server allows you to specify only one level and subtree at this time. You should note that subtree includes base and children, so by specifying subtree, the search scope includes subtree, base, and children.
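
The following Python sketch is an added example, not part of the HP manual and not the KMS Server's own implementation. It models how the settings in the table interact (search scope, unique user ID, and Group Member Attribute Format) over a constructed in-memory directory; the directory entries, the CFG keys, and the reduction of each list filter to a single objectClass test are assumptions.

```python
# Constructed sample directory (DN -> attributes); not taken from the manual.
DIRECTORY = {
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {"objectClass": ["user"], "uid": ["alice"]},
    "uid=bob,ou=contractors,ou=people,dc=example,dc=com": {"objectClass": ["user"], "uid": ["bob"]},
    "cn=keyadmins,ou=groups,dc=example,dc=com": {
        "objectClass": ["group"], "cn": ["keyadmins"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
}
# Hypothetical settings mirroring the table's components.
CFG = {"user_base": "ou=people,dc=example,dc=com", "user_id_attr": "uid", "user_class": "user",
       "group_base": "ou=groups,dc=example,dc=com", "group_id_attr": "cn", "group_class": "group",
       "member_attr": "member", "member_format": "User DN", "scope": "one"}

def rdns(dn):
    # Simplification: no escaped commas in DNs; comparison is case-insensitive.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    # The four LDAP scopes; the manual says KMS exposes only "one" and "sub".
    d, b = rdns(dn), rdns(base)
    depth = len(d) - len(b)
    if depth < 0 or d[depth:] != b:
        return False
    return {"base": depth == 0, "one": depth == 1,
            "sub": depth >= 0, "children": depth >= 1}[scope]

def search(base, scope, object_class):
    # List filter reduced to one objectClass test; "*" stands for (objectClass=*).
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_scope(dn, base, scope)
                  and (object_class == "*" or object_class in attrs["objectClass"]))

def find_user(cfg, user_id):
    hits = [dn for dn in search(cfg["user_base"], cfg["scope"], cfg["user_class"])
            if user_id in DIRECTORY[dn].get(cfg["user_id_attr"], [])]
    if len(hits) > 1:  # the User ID Attribute must identify a unique user
        raise ValueError("User ID Attribute does not identify a unique user")
    return hits[0] if hits else None

def is_member(cfg, user_id, group_id):
    user_dn = find_user(cfg, user_id)
    if user_dn is None:
        return False
    # Group Member Attribute Format decides what value is compared.
    wanted = user_id if cfg["member_format"] == "User ID" else user_dn
    for dn in search(cfg["group_base"], cfg["scope"], cfg["group_class"]):
        group = DIRECTORY[dn]
        if group_id in group.get(cfg["group_id_attr"], []):
            return any(m.lower() == wanted.lower() for m in group.get(cfg["member_attr"], []))
    return False
```

With One Level scope the nested user bob is not found, and choosing the wrong Group Member Attribute Format makes a valid membership evaluate as false without any error.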

Using the Management Console
