LDAPFILTER.CONF(5) File Formats and Configurations LDAPFILTER.CONF(5)
NAME
ldapfilter.conf - configuration file for LDAP filtering routines
SYNOPSIS
/etc/opt/SUNWconn/ldap/current/ldapfilter.confDESCRIPTION
The
ldapfilter.conf file contains information used by the LDAP
filtering routines.
Blank lines and lines that begin with a hash character (
#) are
treated as comments and ignored. The configuration information
consists of lines that contain one to five tokens. Tokens are
separated by white space, and double quotes can be used to include
white space inside a token.
The file consists of a sequence of one or more filter sets. A filter
set begins with a line containing a single token called a
tag.
The filter set consists of a sequence of one or more filter lists.
The first line in a filter list must contain four or five tokens: the
value pattern, the
delimiter list, a
filtertemplate, a
match description, and an optional
search scope. The
value pattern is a
regular expression that is matched against the value passed to the
LDAP library call to select the filter list.
The
delimiter list is a list of the characters (in the form of a
single string) that can be used to break the
value into distinct
words.
The
filter template is used to construct an LDAP filter (see
description below)
The
match description is returned to the caller along with a filter
as a piece of text that can be used to describe the sort of LDAP
search that took place. It should correctly compete both of the
following phrases: "One
match description match was found for ..."
and "Three
match description matches were found for...."
The
search scope is optional, and should be one of
base,
onelevel, or
subtree. If
search scope is not provided, the default is
subtree.
The remaining lines of the filter list should contain two or three
tokens, a
filter template, a
match description and an optional
search scope.
The
filter template is similar in concept to a
printf(3C) style
format string. Everything is taken literally except for the character
sequences:
%v Substitute the entire
value string in place of the
%v.
%v$ Substitute the last word in this field.
%vN Substitute word
N in this field (where
N is a single digit
1-
9). Words are numbered from left to right within the value
starting at
1.
%vM-N Substitute the indicated sequence of words where
M and
N are
both single digits
1-
9.
%vN- Substitute word
N through the last word in
value where
N is
again a single digit
1-
9.
EXAMPLES
Example 1: An LDAP Filter Configuration File
The following LDAP filter configuration file contains two filter
sets,
example1 and
example2 onelevel, each of which contains four
filter lists.
# ldap filter file
#
example1
"=" " " "%v" "arbitrary filter"
"[0-9][0-9-]*" " " "(telephoneNumber=*%v)" "phone number"
"@" " " "(mail=%v)" "email address"
"^.[. _].*" ". _" "(cn=%v1* %v2-)" "first initial"
".*[. _].$" ". _" "(cn=%v1-*)" "last initial"
"[. _]" ". _" "(|(sn=%v1-)(cn=%v1-))" "exact"
"(|(sn~=%v1-)(cn~=%v1-))" "approximate"
".*" ". " "(|(cn=%v1)(sn=%v1)(uid=%v1))" "exact"
"(|(cn~=%v1)(sn~=%v1))" "approximate"
"example2 onelevel"
"^..$" " " "(|(o=%v)(c=%v)(l=%v)(co=%v))" "exact" "onelevel"
"(|(o~=%v)(c~=%v)(l~=%v)(co~=%v))" "approximate"
"onelevel"
" " " " "(|(o=%v)(l=%v)(co=%v)" "exact" "onelevel"
"(|(o~=%v)(l~=%v)(co~=%v)" "approximate" "onelevel"
"." " " "(associatedDomain=%v)" "exact" "onelevel"
".*" " " "(|(o=%v)(l=%v)(co=%v)" "exact" "onelevel"
"(|(o~=%v)(l~=%v)(co~=%v)" "approximate" "onelevel"
ATTRIBUTES
See
attributes(7) for a description of the following attributes:
+----------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|Stability Level | Evolving |
+----------------+-----------------+
SEE ALSO
ldap_getfilter(3LDAP),
ldap_ufn(3LDAP),
attributes(7) July 9, 2003 LDAPFILTER.CONF(5)
