You can use the following dynamic query parameters in the search:
ldap:///<search_base_DN>??<search_scope>?<searchfilter>
Using one or base obtains only the users in the Base DN organization.
Using sub obtains all users under the Base DN organization and all sub- organizations in the tree.
(<logical operator ><comparison><comparison...>)
Logical OR: |
Logical AND: &
Logical NOT: !
For example:
(&(city=boston)(state=Massachusetts))
The default search filter is (objectclass=*).
Note: When creating a dynamic query, you cannot specify the LDAP server's host name or port number. All searches occur within the Identity Manager LDAP directory that you configured for your Identity Manager environment.
The following are sample LDAP queries:
Description |
Query |
---|---|
All users who are managers. |
Ldap:///o=MyCorporation??sub?(title=Manger) |
All managers in the New York West branch office |
ldap:///o=MyCorporation??one?(&(title=Manager) (roomNumber=NYWest)) |
All technicians with a cell phones |
ldap:///o=MyCorporation??one? (&(employeetype=technician) (mobile=*)) |
All employees whose employee numbers are between 1000 and 2000 |
ldap:///o=MyCorporation, (& (ou=employee) (employeenumber >=1000) (employeenumber <=2000)) |
All help desk administrators who have been employed at the company for more than 6 months |
ldap:///o=MyCorporation,(& (cn=helpdeskadmin) (DOH => 2004/04/22) Note: This query requires that you create a DOH attribute for the user's date of hire. |
Note: The > and < (greater than and less than) comparisons are lexicographic, not arithmetic. For details on their use, see the documentation for your LDAP directory server.
For more information about LDAP search filters, see information on User Directories in the CA SiteMinder Web Access Manager Policy Server Configuration Guide.