Database Reference
In-Depth Information
Configuration
option name
Description
context (LDAP
context
configuration)
The default password, used with the default username.
default-
password
account (LDAP
account search and
property mapping
configuration)
The prefix to use when searching the LDAP directory. This should indicate the class of a user within
the LDAP directory.
For example, with Active Directory you would use the value
objectClass=user
. eXist would
then construct an LDAP search string like
(&(objectClass=user)(
name
=
value
))
, where
name
will be substituted by the actual LDAP attribute indicated by a
search-attribute
and
value
will be substituted by the criteria of the thing you are trying to find.
Trying to retrieve the user account for Bob Smith (
bsmith
) from Active Directory would, for
example, cause eXist to produce the LDAP search string
(&(objectClass=user)(sAMAc
countName=bsmith))
.
search-filter-
prefix
As an LDAP directory can come in any shape, eXist needs to know how to address certain properties
of the user account in the directory. The
search-attribute
maps an account property that eXist
can understand to an LDAP directory property.
eXist requires
search-attribute
for the following account properties:
search-
attribute
eXist account
property
Map to (description)
The property that holds a SID (Unique Security Identifier) for the account.
objectSid
The property that holds the ID of the user account's primary group
membership.
primaryGroupID
The property that holds the username of the account (i.e., the name used
to log in).
name
The property that holds the LDAP directory DN (distinguished name) of
the account.
dn
The property that holds the list of groups that this account is a member
of.
memberOf
Search WWH ::
Custom Search