derby.authentication.ldap.searchFilterThe derby.authentication.ldap.searchFilter property specifies
the search filter to use to determine what constitutes a user (and other search
predicate) for searches
for a full DN during user authentication.derby.authentication.ldap.searchfilter propertyLDAPconfiguring
If you set this property to derby.user,
looks for cached full
DNs for users that you have defined with the
derby.user.UserName property.
For other users,
performs a search using the default search filter.
For more information about LDAP user authentication, see "Configuring LDAP
authentication" in the .
Syntaxderby.authentication.ldap.searchFilter=
{ searchFilter | derby.user)Default(&(objectClass=inetOrgPerson)(uid=userName)) automatically
uses the filter you specify with ((uid=userName)) unless you include
%USERNAME% in the definition. You might want to use %USERNAME% if your user DNs
map the user name to something other than uid (for example,
user).Example-- system-wide properties
derby.authentication.ldap.searchFilter=objectClass=person
## people in the marketing department
## automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(ou=Marketing)
(objectClass=person))
## all people but those in marketing
## automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(!(ou=Marketing)
(objectClass=person))
## map %USERNAME% to user, not uid
derby.authentication.ldap.searchFilter=(&((ou=People)
(user=%USERNAME%))
## cache user DNs locally and use the default for others
derby.authentication.ldap.searchFilter=derby.user
-- database-wide property
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
'derby.authentication.ldap.searchFilter',
'objectClass=person')Dynamic or static
Static. For system-wide properties, you must reboot
for the change to take
effect. For database-wide properties, you must reboot the database for the
change to take effect.