Lotus Domino Administrator 6.5 Help - Configuring search filters in a Directory Assistance document for a remote LDAP directory

DIRECTORY SERVICES

Configuring search filters in a Directory Assistance document for a remote LDAP directory
If servers use directory assistance to search a remote LDAP directory, you can use the field "Type of search filter to use" in the Directory Assistance document for the directory to control which LDAP search filters are used to search the directory. The following choices are available.

Search filter option	Description
Standard LDAP (Default)	Uses standard LDAP search filters that work with most LDAP directory servers, including Domino, IBM Directory Server, Netscape/iPlanet Directory Server
Active Directory	Uses predefined search filters that work with Active Directory servers. Select this option if the remote LDAP directory is Active Directory.
Custom	Use to define your own search filters.

Note The Active Directory search filter option replaces the Release 5 NOTES.INI setting WebAuth_AD_Group, which allowed for searches of Active Directory groups.

Defining custom search filters
You might need to define custom search filters if searches are not returning results or are returning results for the wrong entries. This situation can occur if the remote LDAP directory server uses a non-standard schema.

Selecting "Custom" in the "Type of search filter to use" field displays the following three fields used to define the custom search filters.

Custom search filter field Description

Mail Filter If directory assistance is set up so that Notes users can look up mail addresses in the directory, specify a search filter to use to look up the names in the directory. Leave the field blank to use the following default search filter:
(|(cn=%*)(|(&(sn=%a)(givenname=%z))(&(sn=%z)(givenname=%a))))

Authentication Filter Specify a search filter to use to search for the names of users when using the remote LDAP directory for client authentication. Leave the field blank to use the following default search filter:
(|(cn=%*)(|(&(sn=%a)(givenname=%z))(&(sn=%z)(givenname=%a))))

Authorization Filter Specify a search filter to use to look up the members of groups for Notes database authorization. Leave the field blank to use the following default search filter:
(|(&(objectclass=groupOfUniqueNames)(UniqueMember=%*))(&(objectclass=groupOfNames)(Member=%*)))

To define custom search filters, you should be familiar with valid search filter syntax described in RFCs 2251 and 2254.

Syntax for custom LDAP search filters
To define a custom search filter, insert parameters into standard LDAP search filters to represent a part of the names being searched for.

Name part Defined as Example of name part (in bold) Parameter to insert to represent name part

First name The set of characters from the first character to the first space or punctuation Alex M Davidson %a

Last name The set of characters from the last space or punctuation to the last character Alex M Davidson %z

Whole name The entire name Alex M Davidson %*

Local part Local part of an RFC 822 mail address amd@acme.com %l

Domain part Domain part of an RFC 822 mail address amd@acme.com %d

Examples of custom LDAP search filters

Name searched for Search filter formula in Directory Assistance document Search filter used to search for the name

Alex M Davidson (|(givenname=%a)(sn=%z)(cn=%*)(mail=%l)) (|(givenname=Alex)(sn=Davidson)(cn=Alex M Davidson)(mail=""))

amd (EmpID=%*) (EmpID=amd)

amd (EmpID=%z) (EmpID="")

amd (mail=%*@acme.com) (mail=amd@acme.com)

amd (mail=%*@*) (mail=amd@*)

amd@acme.com (mail=*@%d) (mail=*@acme.com)

amd@acme.com (mail=%*) (mail=amd@acme.com)

amd@acme.com (uid=%l) (uid=amd)

blue (color=%*) (color=blue)

See also

Creating a Directory Assistance document for a remote LDAP directory

Setting up directory assistance

Glossary

Help on Help

Open Full Help Window

Glossary

Help on Help

Open Full Help Window

Custom search filter field	Description
Mail Filter	If directory assistance is set up so that Notes users can look up mail addresses in the directory, specify a search filter to use to look up the names in the directory. Leave the field blank to use the following default search filter: (\|(cn=%*)(\|(&(sn=%a)(givenname=%z))(&(sn=%z)(givenname=%a))))
Authentication Filter	Specify a search filter to use to search for the names of users when using the remote LDAP directory for client authentication. Leave the field blank to use the following default search filter: (\|(cn=%*)(\|(&(sn=%a)(givenname=%z))(&(sn=%z)(givenname=%a))))
Authorization Filter	Specify a search filter to use to look up the members of groups for Notes database authorization. Leave the field blank to use the following default search filter: (\|(&(objectclass=groupOfUniqueNames)(UniqueMember=%))(&(objectclass=groupOfNames)(Member=%)))

Name part	Defined as	Example of name part (in bold)	Parameter to insert to represent name part
First name	The set of characters from the first character to the first space or punctuation	Alex M Davidson	%a
Last name	The set of characters from the last space or punctuation to the last character	Alex M Davidson	%z
Whole name	The entire name	Alex M Davidson	%*
Local part	Local part of an RFC 822 mail address	amd@acme.com	%l
Domain part	Domain part of an RFC 822 mail address	amd@acme.com	%d

Name searched for	Search filter formula in Directory Assistance document	Search filter used to search for the name
Alex M Davidson	(\|(givenname=%a)(sn=%z)(cn=%*)(mail=%l))	(\|(givenname=Alex)(sn=Davidson)(cn=Alex M Davidson)(mail=""))
amd	(EmpID=%*)	(EmpID=amd)
amd	(EmpID=%z)	(EmpID="")
amd	(mail=%*@acme.com)	(mail=amd@acme.com)
amd	(mail=%@)	(mail=amd@*)
amd@acme.com	(mail=*@%d)	(mail=*@acme.com)
amd@acme.com	(mail=%*)	(mail=amd@acme.com)
amd@acme.com	(uid=%l)	(uid=amd)
blue	(color=%*)	(color=blue)