Field | Description |
---|---|
Group Search Base | Directory that is used for group searches, such as ou=employees,dc=mydomain,dc=com. |
Group Search Filter | LDAP filter expression that is used when you search for user entries. The user name replaces the {1} variable in the search pattern and the full user distinguished name (DN) replaces the {0} variable, for example, member={0}. |
Group Name | The name of the entry that contains the user's group names in the directory entries that are returned by the group search. If this entry is not specified, no group search runs. For example, enter cn. |
Search Group Subtree | Subtrees (if any) are searched if selected. If the item is not selected, the search is limited to the group search base and its immediate child nodes. |

The values in the Group Search Base and Search Group Subtree fields define the scope of the search. Within that scope, the search matches groups against the group search filter that you entered. The value in the Group Name field specifies the LDAP attribute that contains the group name.

If you select "User roles are defined as an attribute on that user; look up group membership using this attribute", specify in the User Group Attribute field the name of the attribute that contains role names in the user directory entry. If user groups are defined in LDAP as an attribute of the user, the Group Attribute configuration must be used.
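
The following added example (not the product's own code) shows how the four group search fields in the table combine: `{0}`/`{1}` substitution into the filter, the scope set by the base and subtree option, and the Group Name attribute read from each match. The directory entries, the function names, and the RFC 4515 escaping of substituted values are assumptions made for the illustration, and only a single `attr=value` filter is evaluated.

```python
import re

BASE = "ou=employees,dc=mydomain,dc=com"
ALICE = "uid=alice,ou=people,dc=mydomain,dc=com"
# Constructed sample group entries (DN -> attributes); not real data.
GROUPS = {
    "cn=deployers," + BASE: {"cn": ["deployers"], "member": [ALICE]},
    "cn=admins,ou=ops," + BASE: {"cn": ["admins"], "member": [ALICE]},
    "cn=auditors," + BASE: {"cn": ["auditors"],
                            "member": ["uid=bob,ou=people,dc=mydomain,dc=com"]},
}

def escape_value(value):
    """Escape RFC 4515 special characters so a substituted value stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, user_dn, user_name):
    """Replace {0} with the user DN and {1} with the user name in one pass."""
    values = {"0": escape_value(user_dn), "1": escape_value(user_name)}
    return re.sub(r"\{([01])\}", lambda m: values[m.group(1)], template)

def in_scope(dn, base, subtree):
    dn, base = dn.lower(), base.lower()
    if dn == base or dn.partition(",")[2] == base:
        return True  # the base and its immediate children are always searched
    return subtree and dn.endswith("," + base)

def find_groups(template, name_attr, subtree, user_dn, user_name, base=BASE):
    """Return group names for a user; handles only a single attr=value filter."""
    if not name_attr:
        return []  # no Group Name attribute: no group search runs
    flt = build_filter(template, user_dn, user_name)
    attr, _, raw = flt.strip("()").partition("=")
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw).lower()
    names = []
    for dn, entry in GROUPS.items():
        values = [v.lower() for v in entry.get(attr, [])]
        if in_scope(dn, base, subtree) and want in values:
            names.extend(entry.get(name_attr, []))
    return sorted(names)

if __name__ == "__main__":
    print(find_groups("member={0}", "cn", True, ALICE, "alice"))
    print(find_groups("member={0}", "cn", False, ALICE, "alice"))
    print(build_filter("member={0}", "cn=a)(cn=*", "x"))
```

With Search Group Subtree cleared, the nested `ou=ops` group is no longer returned, which changes the roles a user receives; a DN containing `)`, `(` or `*` stays a literal value instead of altering the filter.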