1 LDAPSEARCHPREFS.CONF(4) File Formats and Configurations
2
3
4
5 NAME
6 ldapsearchprefs.conf - configuration file for LDAP search preference
7 routines
8
9 SYNOPSIS
10 /etc/opt/SUNWconn/ldap/current/ldapsearchprefs.conf
11
12
13 DESCRIPTION
14 The ldapsearchprefs.conf file contains information used by LDAP when
15 searching the directory. Blank lines and lines that start with a hash
16 ('#') character are treated as comments and ignored. Non-comment lines
17 contain one or more tokens. Tokens are separated by white space, and
18 double quotes can be used to include white space inside a token.
19
20
21 Search preferences are typically used by LDAP-based client programs to
22 specify what a user may search for, which attributes are searched, and
23 which options are available to the user.
24
25
26 The first non-comment line specifies the version of the template
27 information and must contain the token Version followed by an integer
28 version number. For example:
29
30 Version 1
31
32
33
34
35 The current version is 1, so the above example is always the correct
36 opening line.
37
38
39 The remainder of the file consists of one or more search preference
40 configurations. The first line of a search preference is a human-
41 readable name for the type of object being searched for, for example
42 People or Organizations. This name is stored in the so_objtypeprompt
43 member of the ldap_searchobj structure (see ldap_searchprefs(3LDAP)).
44 For example:
45
46 People
47
48
49
50
51 specifies a label for a search preference designed to find X.500
52 entries for people.
53
54
55 The next line specifies a list of options for this search object. The
56 only option currently allowed is "internal" which means that this
57 search object should not be presented directly to a user. Options are
58 placed in the so_options member of the ldap_searchobj structure and can
59 be tested using the LDAP_IS_SEARCHOBJ_OPTION_SET() macro. Use "" if no
60 special options are required.
61
62
63 The next line specifies a label to use for "Fewer Choices" searches.
64 "Fewer Choices" searches are those where the user's input is fed to the
65 ldap_filter routines to determine an appropriate filter to use. This
66 contrasts with explicitly-constructed LDAP filters, or "More Choices"
67 searches, where the user can explicitly construct an LDAP filter.
68
69
70 For example:
71
72 "Search For:"
73
74
75
76
77 can be used by LDAP client programs to label the field into which the
78 user can type a "Fewer Choices" search.
79
80
81 The next line specifies an LDAP filter prefix to append to all "More
82 Choices" searched. This is typically used to limit the types of entries
83 returned to those containing a specific object class. For example:
84
85 "(&(objectClass=person)"
86
87
88
89
90 would cause only entries containing the object class person to be
91 returned by a search. Note that parentheses may be unbalanced here,
92 since this is a filter prefix, not an entire filter.
93
94
95 The next line is an LDAP filter tag which specifies the set of LDAP
96 filters to be applied for "Fewer Choices" searching. The line
97
98 "x500-People"
99
100
101
102
103 would tell the client program to use the set of LDAP filters from the
104 ldap filter configuration file tagged "x500-People".
105
106
107 The next line specifies an LDAP attribute to retrieve to help the user
108 choose when several entries match the search terms specified. For
109 example:
110
111 "title"
112
113
114
115
116 specifies that if more than one entry matches the search criteria, the
117 client program should retrieve the title attribute that and present
118 that to the user to allow them to select the appropriate entry. The
119 next line specifies a label for the above attribute, for example,
120
121 "Title:"
122
123
124
125
126 Note that the values defined so far in the file are defaults, and are
127 intended to be overridden by the specific search options that follow.
128
129
130 The next line specifies the scope of the LDAP search to be performed.
131 Acceptable values are subtree, onelevel, and base.
132
133
134 The next section is a list of "More Choices" search options, terminated
135 by a line containing only the string END. For example:
136
137 "Common Name" cn 11111 "" ""
138 "Surname" sn 11111 "" ""
139 "Business Phone" "telephoneNumber" 11101 "" ""
140 END
141
142
143
144
145 Each line represents one method of searching. In this example, there
146 are three ways of searching - by Common Name, by Surname, and by
147 Business Phone number. The first field is the text which should be
148 displayed to user. The second field is the attribute which will be
149 searched. The third field is a bitmap which specifies which of the
150 match types are permitted for this search type. A "1" value in a given
151 bit position indicates that a particular match type is valid, and a "0"
152 indicates that is it not valid. The fourth and fifth fields are,
153 respectively, the select attribute name and on-screen name for the
154 selected attribute. These values are intended to override the defaults
155 defined above. If no specific values are specified, the client software
156 uses the default values above.
157
158
159 The next section is a list of search match options, terminated by a a
160 line containing only the string END. Example:
161
162 "exactly matches" "(%a=%v))"
163 "approximately matches" "(%a~=%v))"
164 "starts with" "(%a=%v*))"
165 "ends with" "(%a=*%v))"
166 "contains" "(%a=*%v*))"
167 END
168
169
170
171
172 In this example, there are five ways of refining the search. For each
173 method, there is an LDAP filter suffix which is appended to the ldap
174 filter.
175
176 EXAMPLES
177 Example 1 A Sample Configuration Using Search Preference for "people"
178
179
180 The following example illustrates one possible configuration of search
181 preferences for "people".
182
183
184 # Version number
185 Version 1
186 # Name for this search object
187 People
188 # Label to place before text box user types in
189 "Search For:"
190 # Filter prefix to append to all "More Choices" searches
191 "(&(objectClass=person)"
192 # Tag to use for "Fewer Choices" searches - from ldapfilter.conf file
193 "x500-People"
194 # If a search results in > 1 match, retrieve this attribute to help
195 # user distinguish between the entries...
196 multilineDescription
197 # ...and label it with this string:
198 "Description"
199 # Search scope to use when searching
200 subtree
201 # Follows a list of "More Choices" search options. Format is:
202 # Label, attribute, select-bitmap, extra attr display name, extra attr ldap name
203 # If last two are null, "Fewer Choices" name/attributes used
204 "Common Name" cn 11111 "" ""
205 "Surname" sn 11111 "" ""
206 "Business Phone" "telephoneNumber" 11101 "" ""
207 "E-Mail Address" "mail" 11111 "" ""
208 "Uniqname" "uid" 11111 "" ""
209 END
210 # Match types
211 "exactly matches" "(%a=%v))"
212 "approximately matches" "(%a~=%v))"
213 "starts with" "(%a=%v*))"
214 "ends with" "(%a=*%v))"
215 "contains" "(%a=*%v*))"
216 END
217
218
219
220 In this example, the user may search for People. For "fewer choices"
221 searching, the tag for the ldapfilter.conf(4) file is "x500-People".
222
223 ATTRIBUTES
224 See attributes(5) for a description of the following attributes:
225
226
227
228
229 +----------------+-----------------+
230 |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
231 |Stability Level | Evolving |
232 +----------------+-----------------+
233
234 SEE ALSO
235 ldap_searchprefs(3LDAP), attributes(5)
236
237
238
239 November 26, 2017 LDAPSEARCHPREFS.CONF(4)