Viewing the LDAP Schema Properties section, LDAP Schema Properties section components – HP Secure Key Manager User Manual
Figure 71 Viewing the LDAP Schema Properties section
The following table describes the components of the LDAP Schema Properties section.
Table 52 LDAP Schema Properties section components
Component: Description

User Base DN: The base distinguished name (DN) from which to begin the search for usernames.

User ID Attribute: The attribute type for the user on which to search. The attribute type you choose must result in globally unique users.

User List Filter: The search filter for users, for example:
(& (objectClass=user) (objectCategory=person))
To specify all, use:
(objectClass=*)

Group Base DN: The base DN from which to begin the search for groups.

Group ID Attribute: The attribute type for the group on which to search.

Group List Filter: The search filter for groups, for example:
(objectClass=group)

Group Member Attribute: The attribute that is used to search for a user within a group, for example, member. The format of the Group Member Attribute may be a user ID or a DN and is determined by the next setting.

Group Member Attribute Format: The Group Member Attribute can take one of two formats:
• User ID
• User DN

Search Scope: Determines how deep within the LDAP user directory the KMS Server searches for a user or group.
• One Level: search only the children of the base node.
• Subtree: search all the descendants of the base node. Depending on the size of your LDAP directory, this can be very inefficient.
NOTE: The LDAP protocol supports four search scopes: base, one level, subtree and children. The KMS Server allows you to specify only one level and subtree at this time. Note that subtree includes base and children, so by specifying subtree, the search scope includes subtree, base, and children.
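The following added example (not code from the manual or the product) models how the settings in Table 52 interact: it shows why widening Search Scope can break the uniqueness required of the User ID Attribute, and how the Group Member Attribute Format changes which stored value counts as membership. The directory contents, the configuration key names, and the simplified filter matching are all assumptions made for illustration.

```python
# Constructed sample directory (DN -> attributes); not from any real deployment.
# DN handling is simplified: escaped commas inside RDN values are not supported.
DIRECTORY = {
    "cn=alice,ou=people,dc=example,dc=com": {"objectClass": ["user"], "uid": ["alice"]},
    "cn=alice2,ou=contractors,ou=people,dc=example,dc=com":
        {"objectClass": ["user"], "uid": ["alice"]},
    "cn=bob,ou=people,dc=example,dc=com": {"objectClass": ["user"], "uid": ["bob"]},
    "cn=admins,ou=groups,dc=example,dc=com":
        {"objectClass": ["group"], "cn": ["admins"],
         "member": ["cn=bob,ou=people,dc=example,dc=com"]},
    "cn=ops,ou=groups,dc=example,dc=com":
        {"objectClass": ["group"], "cn": ["ops"], "member": ["alice"]},
}
# Hypothetical key names standing in for the fields of Table 52.
CFG = {"user_base_dn": "ou=people,dc=example,dc=com", "user_id_attr": "uid",
       "group_base_dn": "ou=groups,dc=example,dc=com", "group_id_attr": "cn",
       "group_member_attr": "member", "member_format": "user_dn", "scope": "one_level"}

def in_scope(dn, base, scope):
    """One Level: immediate children of base. Subtree: base plus all descendants."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope == "subtree"
    if not dn.endswith("," + base):
        return False
    relative = dn[: -len(base) - 1]
    return scope == "subtree" or "," not in relative

def search(base, scope, object_class, attr, value):
    """Simplified search: scope, an objectClass list filter, and attr=value."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base, scope)
            and object_class in attrs.get("objectClass", [])
            and value in attrs.get(attr, [])]

def resolve_user(cfg, username):
    """Return the one DN matching username; refuse ambiguous or missing matches."""
    hits = search(cfg["user_base_dn"], cfg["scope"], "user", cfg["user_id_attr"], username)
    if len(hits) != 1:
        raise LookupError(f"{username!r} matched {len(hits)} entries, expected exactly 1")
    return hits[0]

def is_member(cfg, username, group):
    """Compare the member value as a User ID or a User DN, per the format setting."""
    wanted = username if cfg["member_format"] == "user_id" else resolve_user(cfg, username)
    groups = search(cfg["group_base_dn"], cfg["scope"], "group", cfg["group_id_attr"], group)
    return any(wanted in DIRECTORY[g].get(cfg["group_member_attr"], []) for g in groups)
```

With One Level scope, `alice` resolves to a single entry; switching the same configuration to Subtree brings the second `uid=alice` entry under `ou=contractors` into scope and the lookup becomes ambiguous. A format setting that does not match how the directory stores members produces silent non-membership rather than an error.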
Using the Management Console