Step 3: Set the LDAP search criteria
About this task
Procedure
Use the setldapsearch subcommand to
specify the LDAP directory search criteria to use to find an LDAP
user account to authenticate against.
HCL Compass substitutes
the user name that the user enters in the HCL Compass login
window (expressed as %login%) into the search criteria that you specify
to find a matching LDAP user account.
Example
The following example uses the -b option to identify the base DN in the LDAP directory from which to start the search. The -s option specifies that the scope of the search is the subtree of the base DN. Microsoft™ Active Directory allows LDAP administrators to mark user accounts as disabled. The example expands on the answer shown in LDAP information worksheet to exclude disabled user accounts from the search. The filter is the string enclosed in parentheses. In the filter, sAMAccountName is the LDAP attribute that stores the user entry login name values.
installutil setldapsearch dbset_name cq_user cq_password " -s <E> -b <D> <G>"
installutil setldapsearch 7.0.0 admin secret "-s sub -b ou=my_dept,
dc=cqldapmsft,dc=com (&(objectCategory=person)(sAMAccountName=%login%)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"