derby.authentication.ldap.searchFilter

Function

Specifies the search filter (the definition of what constitutes a user, plus any other search predicates) that Derby uses when it searches for a user's full DN during user authentication.

If you set this property to derby.user, Derby looks for cached full DNs for users that you have defined with the derby.user.UserName property. For other users, Derby performs a search using the default search filter.

For more information about LDAP user authentication, see "LDAP directory service" in the Derby Developer's Guide.

Syntax

derby.authentication.ldap.searchFilter=
    { searchFilter | derby.user }

Default

(&(objectClass=inetOrgPerson)(uid=userName))

Note: Derby automatically adds (uid=userName) to the filter you specify unless you include %USERNAME% in the definition. You might want to use %USERNAME% if your user DNs map the user name to something other than uid (for example, user).

Example

-- system-wide properties
derby.authentication.ldap.searchFilter=objectClass=person
## people in the marketing department
## Derby automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(ou=Marketing)(objectClass=person))
## all people but those in marketing
## Derby automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(!(ou=Marketing))(objectClass=person))
## map %USERNAME% to user, not uid
derby.authentication.ldap.searchFilter=(&(ou=People)(user=%USERNAME%))
## cache user DNs locally and use the default for others
derby.authentication.ldap.searchFilter=derby.user

-- database-wide property
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.ldap.searchFilter',
    'objectClass=person')
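
The filter composition described in the Note, together with a parenthesis check for searchFilter settings, as an added example that is not part of the Derby documentation or code. The function names and the sample fragment are constructed here, and wrapping a bare predicate such as objectClass=person in parentheses is an assumption about Derby's behavior.

```python
KEY = "derby.authentication.ldap.searchFilter"
TOKEN = "%USERNAME%"
DEFAULT = "(&(objectClass=inetOrgPerson)(uid=%USERNAME%))"  # default shown on this page

# Constructed derby.properties fragment; line 3 has a missing closing parenthesis.
SAMPLE = """\
derby.authentication.ldap.searchFilter=objectClass=person
derby.authentication.ldap.searchFilter=(&(ou=People)(user=%USERNAME%))
derby.authentication.ldap.searchFilter=(&(!(ou=Marketing)(objectClass=person))
derby.authentication.ldap.searchFilter=derby.user
"""

def paren_error(text):
    """Return None when parentheses balance, else a short description."""
    depth = 0
    for pos, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return f"unmatched ')' at offset {pos}"
    return f"{depth} unclosed '('" if depth else None

def effective_filter(configured):
    """Model the filter template for the DN search, following the Note above."""
    value = configured.strip()
    if value == "derby.user":
        return DEFAULT               # cached DNs first; default filter for other users
    if TOKEN in value:
        return value                 # taken as written; only the token is substituted
    if not value.startswith("("):
        value = f"({value})"         # assumption: a bare predicate is parenthesised
    return f"(&{value}(uid={TOKEN}))"

def lint(properties_text):
    """Return (line_no, filter_template, problem_or_None) per searchFilter setting."""
    findings = []
    for no, line in enumerate(properties_text.splitlines(), 1):
        line = line.strip()
        if not line.startswith(KEY + "="):
            continue
        template = effective_filter(line.split("=", 1)[1])
        findings.append((no, template, paren_error(template)))
    return findings

if __name__ == "__main__":
    for no, template, problem in lint(SAMPLE):
        print(f"line {no}: {template}  [{problem or 'ok'}]")
```

Because the property is static, running a check like this before rebooting Derby catches a malformed filter before it affects authentication.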

Dynamic or static

Static. For system-wide properties, you must reboot Derby for the change to take effect. For database-wide properties, you must reboot the database for the change to take effect.
