derby.authentication.ldap.searchFilter

Function

Specifies the search filter to use to determine what constitutes a user (and other search predicate) for Derby searches for a full DN during user authentication.

If you set this property to derby.user, Derby looks for cached full DNs for users that you have defined with the derby.user.UserName property. For other users, Derby performs a search using the default search filter.

For more information about LDAP user authentication, see "LDAP Directory Service" in Chapter 7 of the Derby Developer's Guide.

Syntax

derby.authentication.ldap.searchFilter=
    { searchFilter | derby.user)

Default

(&(objectClass=inetOrgPerson)(uid=userName))
Note: Derby automatically uses the filter you specify with ((uid=userName)) unless you include %USERNAME% in the definition. You might want to use %USERNAME% if your user DNs map the user name to something other than uid (for example, user).

Example

-- system-wide properties
derby.authentication.ldap.searchFilter=objectClass=person
## people in the marketing department
## Derby  automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(ou=Marketing)
    (objectClass=person))
## all people but those in marketing
## Derby  automatically adds (uid=<userName>)
derby.authentication.ldap.searchFilter=(&(!(ou=Marketing)
    (objectClass=person))
## map %USERNAME% to user, not uid
derby.authentication.ldap.searchFilter=(&((ou=People)
(user=%USERNAME%))
## cache user DNs locally and use the default for others
derby.authentication.ldap.searchFilter=derby.user

-- database-wide property
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.authentication.ldap.searchFilter',
    'objectClass=person')

Dynamic or static

Static. For system-wide properties, you must reboot Derby for the change to take effect. For database-wide properties, you must reboot the database for the change to take effect.

Related reference
derby.authentication.ldap.searchAuthDN
derby.authentication.ldap.searchAuthPW
derby.authentication.ldap.searchBase
derby.authentication.provider
derby.authentication.server
derby.connection.requireAuthentication
derby.database.defaultConnectionMode
derby.database.forceDatabaseLock
derby.database.fullAccessUsers
derby.database.propertiesOnly
derby.database.readOnlyAccessUsers
derby.database.sqlAuthorization
derby.infolog.append
derby.jdbc.xaTransactionTimeout
derby.language.logQueryPlan
derby.language.logStatementText
derby.locks.deadlockTimeout
derby.locks.deadlockTrace
derby.locks.escalationThreshold
derby.locks.monitor
derby.locks.waitTimeout
derby.storage.initialPages
derby.storage.minimumRecordSize
derby.storage.pageCacheSize
derby.storage.pageReservedSpace
derby.storage.pageSize
derby.storage.tempDirectory
derby.stream.error.field
derby.stream.error.file
derby.stream.error.method
derby.stream.error.logSeverityLevel
derby.system.durability
derby.system.home
derby.user.UserName