Step 3: Set the LDAP search criteria

About this task

Procedure

Use the setldapsearch subcommand to specify the LDAP directory search criteria to use to find an LDAP user account to authenticate against.

HCL Compass substitutes the user name that the user enters in the HCL Compass login window (expressed as %login%) into the search criteria that you specify to find a matching LDAP user account.

Example

The following example uses the -b option to identify the base DN in the LDAP directory from which to start the search. The -s option specifies that the scope of the search is the subtree of the base DN. Microsoft™ Active Directory allows LDAP administrators to mark user accounts as disabled. The example expands on the answer shown in LDAP information worksheet to exclude disabled user accounts from the search. The filter is the string enclosed in parentheses. In the filter, sAMAccountName is the LDAP attribute that stores the user entry login name values.

installutil setldapsearch dbset_name cq_user cq_password " -s <E> -b <D> <G>"

installutil setldapsearch 7.0.0 admin secret "-s sub -b ou=my_dept,
dc=cqldapmsft,dc=com (&(objectCategory=person)(sAMAccountName=%login%)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"