3. To configure the search attributes, use the following information.
Search Attribute
When the selected binding method is Anonymously or w/ Configured
Credentials, the initial bind to the LDAP server is followed by a search
request that is directed at retrieving specific information about the user,
including the distinguished name, login permissions, and group
membership. To retrieve this information, the search request must specify
the attribute name that is used to represent user IDs on that server.
Specifically, this name is used as a search filter against the login ID that is
entered by the user. This attribute name is configured here. For example,
on Active Directory servers, the attribute name that is used for user IDs is
usually sAMAccountName. On Novell eDirectory and OpenLDAP servers, it
is usually uid. If this field is left blank, a default of UID is used during user
Group Search Attribute
In an Active Directory or Novell eDirectory environment, this parameter
specifies the attribute name that is used to identify the groups to which a
user belongs. In Active Directory, this is usually memberOf, and with
eDirectory, this is usually groupMembership.
In an OpenLDAP server environment, users are usually assigned to groups
whose objectClass equals PosixGroup. In that context, this parameter
specifies the attribute name that is used to identify the members of a
particular PosixGroup. This is usually memberUid.
If this field is left blank, the attribute name in the filter defaults to
Login Permission Attribute
When a user is authenticated through an LDAP server successfully, the
login permissions for this user must be retrieved. To retrieve these
permissions, the search filter that is sent to the server must specify the
attribute name that is associated with login permissions. This field specifies
this attribute name.
If this field is left blank, the user is assigned a default of read-only
permissions, assuming that the user passes the user and group
The attribute value that is returned by the LDAP server is searched for the
keyword string IBMRBSPermission=. This keyword must be immediately
followed by a bit string that is entered as 12 consecutive 0s or 1s. Each bit
represents a particular set of functions. The bits are numbered according to
their positions. The leftmost bit is bit position 0, and the rightmost bit is bit
position 11. A value of 1 at a particular position enables the function that is
associated with that position. A value of 0 disables that function. The string
IBMRBSPermission=010000000000 is a valid example.
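
As an added example (not from the original guide), the following Python helper checks attribute values exported from a directory against the format described above and lists the enabled bit positions. The function names and sample values are constructed for illustration; how the adapter itself treats a malformed string is not stated here, so the helper simply reports it as invalid.

```python
import re

KEYWORD = "IBMRBSPermission="
BIT_COUNT = 12  # bit 0 is the leftmost character, bit 11 the rightmost

# Keyword immediately followed by a run of 0/1 characters. The run length is
# checked separately so that strings that are too short or too long are reported.
_PATTERN = re.compile(re.escape(KEYWORD) + r"([01]*)")


def parse_permission(attribute_value):
    """Return the list of enabled bit positions found in an attribute value.

    Raises ValueError if the keyword is missing or is not immediately
    followed by exactly 12 consecutive 0s or 1s.
    """
    match = _PATTERN.search(attribute_value)
    if match is None:
        raise ValueError("keyword %r not found" % KEYWORD)
    bits = match.group(1)
    if len(bits) != BIT_COUNT:
        raise ValueError("expected %d bits, found %d" % (BIT_COUNT, len(bits)))
    return [pos for pos, bit in enumerate(bits) if bit == "1"]


def audit(entries):
    """Map each login ID to its enabled bit positions or to an error string."""
    report = {}
    for login_id, value in entries.items():
        try:
            report[login_id] = parse_permission(value)
        except ValueError as exc:
            report[login_id] = "INVALID: %s" % exc
    return report


# Constructed sample attribute values (not taken from a real directory).
SAMPLE = {
    "alice": "IBMRBSPermission=010000000000",
    "bob": "note; IBMRBSPermission=100000000001",
    "carol": "IBMRBSPermission=0100000",        # too short
    "dave": "IBMRBSPermission= 010000000000",   # space after the keyword
}

if __name__ == "__main__":
    for login_id, result in audit(SAMPLE).items():
        print(login_id, result)
```
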
50 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide