User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Concepts
Understand LDAP Attributes
Note: Microsoft Active Directory is the only LDAP implementation that we support in this release.
Ordinarily, DMS-Admin will not import any user account record from your Active Directory server
when the value in it is blank for any of these attributes:
• Login User Name: This required value must always be unique.
• First Name: This required value might be identical for multiple users.
• Last Name: This required value might also be identical for multiple users.
However, you can import and synchronize all of the Active Directory user account records that match
your filters. You can do this even when some of the user account records are incomplete because one or
more of their attributes have blank values.
To prevent these undefined attributes from blocking the import of the user accounts they are meant to
describe, you can enter generic values for most attributes in the Values to Use by Default column.
DMS-Admin takes the generic values that you enter, and then inserts them automatically where they
are needed.
Tip: You cannot, however, enter a default value for the Login User Name attribute. Usernames are unique.
Guidelines for LDAP Filters
Note: Microsoft Active Directory is the only LDAP implementation that we support in this release.
• Use “OU” values to impose rough limits on a filter, page 8-15
• Use “memberOf” values to pinpoint a filter more precisely, page 8-16
• Use “objectClass” values to match all user records, page 8-16
Use “OU” values to impose rough limits on a filter
• Never use a filter that defines the user base at the domain level. For example, this filter is not acceptable:
  DC=example,DC=com
• Instead, use filters that define the user base at a lower level, as this one does:
  OU=SanJose,DC=example,DC=com
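A pre-flight check for the guideline above, as an added example (not Cisco's code and not part of DMS-Admin): it parses a user base into its components and rejects one made up only of DC components. The function names are hypothetical, and every sample DN other than the two shown above is constructed for illustration.

```python
def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes (RFC 4514)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def parse_rdns(dn):
    """Return [(ATTRIBUTE_TYPE, value), ...]; raise ValueError if malformed."""
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component: {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def check_user_base(dn):
    """Return (ok, reason). A base made only of DC components is rejected."""
    try:
        rdns = parse_rdns(dn)
    except ValueError as exc:
        return False, str(exc)
    if all(attr == "DC" for attr, _ in rdns):
        return False, "domain-level user base"
    return True, "scoped below the domain by " + ",".join(
        f"{a}={v}" for a, v in rdns if a != "DC")


if __name__ == "__main__":
    # The first two DNs are the page's examples; the rest are constructed.
    for dn in ["DC=example,DC=com", "OU=SanJose,DC=example,DC=com",
               "dc=example, dc=com", r"OU=Sales\, West,DC=example,DC=com", ""]:
        print(repr(dn), "->", check_user_base(dn))
```

The check is case-insensitive on attribute types and treats an escaped comma as part of the value, so an OU name that contains a comma is not misread as extra components.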