derby.authentication.ldap.searchFilter

Function

Specifies the search filter to use to determine what constitutes a user (and other search predicate) for Derby searches for a full DN during user authentication.

If you set this property to derby.user, Derby looks for cached full DNs for users that you have defined with the derby.user.UserName property. For other users, Derby performs a search using the default search filter.

For more information about LDAP user authentication, see "LDAP Directory Service" in Chapter 7 of the Derby Developer's Guide.

Syntax

derby.authentication.ldap.searchFilter=
    { searchFilter | derby.user)

Default

(&(objectClass=inetOrgPerson)(uid=userName))

Note: Derby automatically uses the filter you specify with ((uid=userName)) unless you include %USERNAME% in the definition. You might want to use %USERNAME% if your user DNs map the user name to something other than uid (for example, user).

Example

-- system-wide properties
derby.authentication.ldap.searchFilter=objectClass=person
## people in the marketing department
## Derby  automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(ou=Marketing)
    (objectClass=person))
## all people but those in marketing
## Derby  automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(!(ou=Marketing)
    (objectClass=person))
## map %USERNAME% to user, not uid
derby.authentication.ldap.searchFilter=(&((ou=People)
(user=%USERNAME%))
## cache user DNs locally and use the default for others
derby.authentication.ldap.searchFilter=derby.user

-- database-wide property
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.ldap.searchFilter',
    'objectClass=person')

Dynamic or static

Static. For system-wide properties, you must reboot Derby for the change to take effect. For database-wide properties, you must reboot the database for the change to take effect.