MAN page from PLD openldap-2.0.27-1.i386.rpm
Section: File Formats (5)
Updated: 20 August 2000Index
ldapsearchprefs.conf - configuration file for LDAP search preference routines
The file /etc/openldap/ldapsearchprefs.conf contains information used bythe LDAP search preference routines (see ldap-searchpref(3)). Blank linesand lines that have a first character of `#' are treated as comments andignored. Non-comment lines contain one or more tokens. Tokens areseparated by white space, and double quotes `"' can be used to includewhite space inside a token.
Search preferences are typically used by LDAP-based client programs tospecify what a user may search for, which attributes are searched, andwhich options are available to the user.
The first non-commment line specifies the version of the templateinformation and must contain the tokenVersionfollowed by an integer version number. E.g.,
The current version is1,
so the above example is always the correct opening line.
The remainder of the file consists of one or more search preferenceconfigurations.The first line of a search preference is a human-readable name for thetype of object being searched for, e.g. "People" or "Organizations".This name is stored in theso_objtypepromptmember of theldap_searchobjstructure.E.g.,
specifies a label for a search preference designed to find X.500 entries for People.
The next line specifies a list of options for this search object. Theonly option currently allowed is "internal" which means that this searchobject should not be presented directly to a user. Options are placed in theso_optionsmember of theldap_searchobjstructure and can be tested using the LDAP_IS_SEARCHOBJ_OPTION_SET() macro.Use "" if no special options are desired.
The next line specifes a labelto use for "Fewer Choices" (for lack of a better term) searches. "FewerChoices" searches are those where the user's input is fed to theldap_filter routines to determine an appropriate filter to use. Thiscontrasts with explicitly-constructed LDAP filters, or "More Choices"searches, where the user can explicitly construct an LDAP filter. The"Fewer" and "More Choices" terms derive from the maX.500, waX.500 andxax500 directory user agents, which offer two configurations of their"Find Entry" dialogs - one where the user types a search string, and theclient code attempts to find reasonable filter(s) to use in searching("Fewer Choices"), and one where the user can select from several pop-upmenus which allow complete specification of the search to be performed("More Choices").
can be used by LDAP client programs to label the field into which theuser can type a "Fewer Choices" search. This information is stored intheso_prompt
member of theldap_searchobj
The next line specifies an LDAP filter prefix to append to all "More Choices"searched. This is typically used to limit the types of entries returnedto those containing a specific object class. For example:
would cause only entries containing the object class "person" to bereturned by a search. Note that parentheses may be unbalanced here, sincethis is a filter prefix, not an entire filter. This information isstored in theso_filterprefix
member of the ldap_searchobj
The next line is an LDAP filter tag (see ldap-filter(3)) which specifiesthe set of LDAP filters to be applied for "Fewer Choices" searching.The line
would tell the client program to use the set of LDAP filters from theldap filter configuration file tagged "xax500-People". This information isstored in theso_filtertag
member of theldap_searchobj
The next line specifies an LDAP attribute to retrieve to help the userchoose when several entries match the search terms specified. For example:
specifies that if more than one entry matches the search criteria, theclient program should retrieve the "title" attribute that and presentthat to the user to allow them to select the appropriate entry.The next line specifies a label for the above attribute, e.g.
The above information is stored in theso_defaultselectattr
members of theldap_searchobj
structure. Note that these are defaults, and are intended to be overriddenby the sa_selectattr and sa_selecttext fields of the ldap_searchattrdata structure (see below).
The next line specifies the scope of the LDAP search to be performed.Acceptable values are subtree, onelevel, and base. See ldap(3) formore information.
The next section is a list of "More Choices" search options, terminated bya line containing only the string "END". Example:
"Common Name" cn 11111 "" "" "Surname" sn 11111 "" "" "Business Phone" "telephoneNumber" 11101 "" "" END
Each line represents one method of searching. In this example, thereare three ways of searching - by Common Name, by Surname, and byBusiness Phone number. The first field is the text which should bedisplayed to user. The second field is the attribute which will besearched. The third field is a bitmap which specifies which of thematch types (discussed below) are permitted for this search type. A"1" value in a given bit position indicates that a particularmatch type is valid, and a "0" indicates that is it not valid. Thefourth and fifth fields are, respectively, the select attribute name(corresponding to the sa_selectattr field of the ldap_searchattr datastructure) and on-screen name for the select attribute (correspondingto the sa_selecttext field). These values are intended to overridethe so_defaultselectattr and so_defaultselecttext values, describedabove. If blank, the client software should use the default values above.
The next section is a list of search match options, terminated by aa line containing only the string "END". Example:
"exactly matches" "(%a=%v))" "approximately matches" "(%a~=%v))" "starts with" "(%a=%v*))" "ends with" "(%a=*%v))" "contains" "(%a=*%v*))" END
In this example, there are five ways of refining the search. For each method,there is an LDAP filter suffix which is appended to the ldap filter thusfar constructed. The routine ldap_build_filter() may be used to constructthe whole filter. It substitutes the appropriate attribute for "%a" in thefilter, and a value (generally, something the user types) for "%v".
The following example illustrates one possible configuration of searchpreferences for "people".
# Version numberVersion 1# Name for this search objectPeople# Label to place before text box user types in"Search For:"# Filter prefix to append to all "More Choices" searches"(&(objectClass=person)"# Tag to use for "Fewer Choices" searches - from ldapfilter.conf file"xax500-People"# If a search results in > 1 match, retrieve this attribute to help# user disambiguate the entries...multilineDescription# ...and label it with this string:"Description"# Search scope to use when searchingsubtree# Follows a list of "More Choices" search options. Format is:# Label, attribute, select-bitmap, extra attr display name, extra attr ldap name# If last two are null, "Fewer Choices" name/attributes used"Common Name" cn 11111 "" """Surname" sn 11111 "" """Business Phone" "telephoneNumber" 11101 "" """E-Mail Address" "mail" 11111 "" """Uniqname" "uid" 11111 "" ""END# Match types"exactly matches" "(%a=%v))""approximately matches" "(%a~=%v))""starts with" "(%a=%v*))""ends with" "(%a=*%v))""contains" "(%a=*%v*))"END
In this example, the user may search for People. For "fewer choices" searching,the tag for the ldap filter config file is "xax500-People".
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
is derived from University of Michigan LDAP 3.3 Release.
- SEE ALSO
This document was created byman2html,using the manual pages.