Chatee ahora con Soporte
Chat con el soporte

Active Roles 7.4.3 - Web Interface Administration Guide

Introduction Deploying the Web Interface Getting Started Web Interface Basics Performing Management Tasks Using Approval Workflow Customizing the Web Interface Default Commands

Base DN

The Base DN property specifies the distinguished name of the container where to begin the search. The search is performed only on this container and objects that exist below it in the directory tree. This property can be set to one of the following:

  • Currently selected object  When the user clicks the command on the menu for a given object, the Web Interface uses the distinguished name of that object as the Based DN property. For example, suppose the command is on the menu for the organizational unit object type. When the user selects an organizational unit and clicks the command, the Web Interface searches the selected organizational unit.
  • This DN  The command causes the Web Interface to search the object that has the specified distinguished name, regardless of what object is actually selected. For example, suppose the command is on the menu for the user object type, and the Base DN property is explicitly set to the distinguished name of a certain organizational unit. In this case, when a user account is selected in the Web Interface, the command appears on the menu and clicking the command begins the search in that organizational unit.

Search filters

The Search filters property specifies a search filter string in LDAP format. This part of the LDAP search syntax makes it possible to search for specific objects based on object attributes. Set up a filter string in accordance with LDAP syntax rules. The default filter string is “(objectClass=*)”, which retrieves all objects. Another example is “(objectClass=user)”, which causes the search to retrieve only user accounts.

When configuring a filter string, follow these guidelines:

  • The string must be enclosed in parentheses.
  • Expressions can use the relational operators: <, <=, =, >=, and >. An example is “(objectClass=user)” or “(givenName=Adam)”.
  • Compound expressions are formed with the prefix operators & and |. An example is (&(objectClass=user)(givenName=Adam)).

For more information about the filter string format, see the “Search Filter Syntax” topic in the MSDN Library (

Displayed attributes

The Displayed attributes property specifies a list of the attributes to retrieve during the search. These are the attributes that will be displayed in the list of search results. Each attribute is identified by its LDAP display name. Type the names of the attributes you want to retrieve, or select attributes from a list. Separate attribute names by commas.

The default setting for this property is “name,objectClass,description”, which displays a three-column list of search results. For every object returned by the search, the Web Interface lists the name, type, and description of the object.

Search scope

  • The Search scope property specifies the depth of the search. The options for this property are:
  • Base  This option limits the search to the object specified by the Base DN property (base object). The search returns either one object or no objects, depending upon the search filter.
  • One-level  This option restricts the search to the immediate children of the base object, but excludes the base object itself. The search returns the immediate child objects that match the search filter.
  • Subtree  With this option, the search filter is applied to the base object as well as to all objects that exists below it in the directory tree. The search returns all child objects that match the search filter. If the base object matches the filter, the base object is also included in the search results.
  • Attribute scope query by this attribute  With this option, the command searches in a certain attribute of the base object (target attribute). The target attribute is identified by the LDAP display name specified as part of this option, and must be an attribute that stores distinguished names, such as the “member” or “managedBy” attribute. The search is performed against the objects that are identified by the distinguished names found in the target attribute. For example, if the base object is a group and the “member” attribute is specified as the target, then the search will be performed against all objects that are members of the group, and will return the members of the group that match the search filter.
Documentos relacionados