...
An attribute (the Key Attribute) containing a unique key is required. The value of this attribute should be persistent and not change under any circumstances. There should only ever be exactly one value for this attribute. While dn
can be used, many LDAP deployments allow DNs to be changed, for reasons such as being based on a name, or a structural change of the LDAP server itself. If DNs are not persistent, then a different attribute (such as employeeNumber
, if suitable) should be used.
By default, the Plugin will search for all records under the Base DN. However, under some circumstances it may be desirable to further filter searches, such as to exclude inactive entries. This is done by setting the Search Filter configuration. The Search Filter will be AND'd together with any search operation performed by the Plugin. Be sure to include the parentheses in the filter definition, and also to escape any special characters within the filter values.
An example search filter, to constrain searches against Active Directory to active users: (!(userAccountControl=514))
...