1ldapsearchprefs.conf(4) File Formats ldapsearchprefs.conf(4)
2
6 ldapsearchprefs.conf - configuration file for LDAP search preference
7 routines
8
10 /etc/opt/SUNWconn/ldap/current/ldapsearchprefs.conf
11
14 The ldapsearchprefs.conf file contains information used by LDAP when
15 searching the directory. Blank lines and lines that start with a hash
16 ('#') character are treated as comments and ignored. Non-comment lines
17 contain one or more tokens. Tokens are separated by white space, and
18 double quotes can be used to include white space inside a token.
19 Search preferences are typically used by LDAP-based client programs to
22 specify what a user may search for, which attributes are searched, and
23 which options are available to the user.
24 The first non-commment line specifies the version of the template
27 information and must contain the token Version followed by an integer
28 version number. For example:
29 Version 1
31 The current version is 1, so the above example is always the correct
36 opening line.
37 The remainder of the file consists of one or more search preference
40 configurations. The first line of a search preference is a human-read‐
41 able name for the type of object being searched for, for example People
42 or Organizations. This name is stored in the so_objtypeprompt member of
43 the ldap_searchobj structure (see ldap_searchprefs(3LDAP)). For exam‐
44 ple:
45 People
47 specifies a label for a search preference designed to find X.500
52 entries for people.
53 The next line specifies a list of options for this search object. The
56 only option currently allowed is "internal" which means that this
57 search object should not be presented directly to a user. Options are
58 placed in the so_options member of the ldap_searchobj structure and can
59 be tested using the LDAP_IS_SEARCHOBJ_OPTION_SET() macro. Use "" if no
60 special options are required.
61 The next line specifes a label to use for "Fewer Choices" searches.
64 "Fewer Choices" searches are those where the user's input is fed to the
65 ldap_filter routines to determine an appropriate filter to use. This
66 contrasts with explicitly-constructed LDAP filters, or "More Choices"
67 searches, where the user can explicitly construct an LDAP filter.
68 For example:
71 "Search For:"
73 can be used by LDAP client programs to label the field into which the
78 user can type a "Fewer Choices" search.
79 The next line specifies an LDAP filter prefix to append to all "More
82 Choices" searched. This is typically used to limit the types of entries
83 returned to those containing a specific object class. For example:
84 "(&(objectClass=person)"
86 would cause only entries containing the object class person to be
91 returned by a search. Note that parentheses may be unbalanced here,
92 since this is a filter prefix, not an entire filter.
93 The next line is an LDAP filter tag which specifies the set of LDAP
96 filters to be applied for "Fewer Choices" searching. The line
97 "x500-People"
99 would tell the client program to use the set of LDAP filters from the
104 ldap filter configuration file tagged "x500-People".
105 The next line specifies an LDAP attribute to retrieve to help the user
108 choose when several entries match the search terms specified. For exam‐
109 ple:
110 "title"
112 specifies that if more than one entry matches the search criteria, the
117 client program should retrieve the title attribute that and present
118 that to the user to allow them to select the appropriate entry. The
119 next line specifies a label for the above attribute, for example,
120 "Title:"
122 Note that the values defined so far in the file are defaults, and are
127 intended to be overridden by the specific search options that follow.
128 The next line specifies the scope of the LDAP search to be performed.
131 Acceptable values are subtree, onelevel, and base.
132 The next section is a list of "More Choices" search options, terminated
135 by a line containing only the string END. For example:
136 "Common Name" cn 11111 "" ""
138 "Surname" sn 11111 "" ""
139 "Business Phone" "telephoneNumber" 11101 "" ""
140 END
141 Each line represents one method of searching. In this example, there
146 are three ways of searching - by Common Name, by Surname, and by Busi‐
147 ness Phone number. The first field is the text which should be dis‐
148 played to user. The second field is the attribute which will be
149 searched. The third field is a bitmap which specifies which of the
150 match types are permitted for this search type. A "1" value in a given
151 bit position indicates that a particular match type is valid, and a "0"
152 indicates that is it not valid. The fourth and fifth fields are,
153 respectively, the select attribute name and on-screen name for the
154 selected attribute. These values are intended to override the defaults
155 defined above. If no specific values are specified, the client software
156 uses the default values above.
157 The next section is a list of search match options, terminated by a a
160 line containing only the string END. Example:
161 "exactly matches" "(%a=%v))"
163 "approximately matches" "(%a~=%v))"
164 "starts with" "(%a=%v*))"
165 "ends with" "(%a=*%v))"
166 "contains" "(%a=*%v*))"
167 END
168 In this example, there are five ways of refining the search. For each
173 method, there is an LDAP filter suffix which is appended to the ldap
174 filter.
175
177 Example 1 A Sample Configuration Using Search Preference for "people"
178 The following example illustrates one possible configuration of search
181 preferences for "people".
182 # Version number
185 Version 1
186 # Name for this search object
187 People
188 # Label to place before text box user types in
189 "Search For:"
190 # Filter prefix to append to all "More Choices" searches
191 "(&(objectClass=person)"
192 # Tag to use for "Fewer Choices" searches - from ldapfilter.conf file
193 "x500-People"
194 # If a search results in > 1 match, retrieve this attribute to help
195 # user distinguish between the entries...
196 multilineDescription
197 # ...and label it with this string:
198 "Description"
199 # Search scope to use when searching
200 subtree
201 # Follows a list of "More Choices" search options. Format is:
202 # Label, attribute, select-bitmap, extra attr display name, extra attr ldap name
203 # If last two are null, "Fewer Choices" name/attributes used
204 "Common Name" cn 11111 "" ""
205 "Surname" sn 11111 "" ""
206 "Business Phone" "telephoneNumber" 11101 "" ""
207 "E-Mail Address" "mail" 11111 "" ""
208 "Uniqname" "uid" 11111 "" ""
209 END
210 # Match types
211 "exactly matches" "(%a=%v))"
212 "approximately matches" "(%a~=%v))"
213 "starts with" "(%a=%v*))"
214 "ends with" "(%a=*%v))"
215 "contains" "(%a=*%v*))"
216 END
217 In this example, the user may search for People. For "fewer choices"
221 searching, the tag for the ldapfilter.conf(4) file is "x500-People".
222
224 See attributes(5) for a description of the following attributes:
225 ┌─────────────────────────────┬─────────────────────────────┐
230 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
231 ├─────────────────────────────┼─────────────────────────────┤
232 │Availability │SUNWlldap │
233 │Stability Level │Evolving │
234 └─────────────────────────────┴─────────────────────────────┘
235
237 ldap_searchprefs(3LDAP) , attributes(5)
238SunOS 5.11 9 Jul 2003 ldapsearchprefs.conf(4)