User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerconnect W-ClearPass Hardware Appliances

361

362

363

364

365

366

367

368

369

370

366 | Administration Dell Networking W-ClearPass Guest 6.4 | User Guide

User Search Settings

In the User Search area of the Edit Authentication Server form:

Field Description

Enabled Mark the Use this server to search for matching users checkbox. The form expands to

include additional options.

Filter (Required) Select one of the following options:

l Use the default LDAP filter—Uses an LDAP filter suitable for an Active Directory

search operation.

n The default filter matches user accounts based on any portion of the username

(sAMAccountName attribute), or any portion of the user’s full name (displayName

attribute), and eliminates resources (display name starting with “*”), disabled

accounts, and users without a userPrincipalName attribute.

l Specify a custom LDAP filter…—Allows you to enter a specific LDAP filter expression.

n This should be a valid LDAP filter expression per RFC 4515.

n The keyword @SEARCH@ is replaced with the user’s actual search term when the

filter is used.

Display Attributes

(Required) Provide a list of LDAP attributes to retrieve when searching, and the treatment to

apply to each attribute:

l id—Use the LDAP attribute as the value of a matching item. This value is used when a

matching item is selected. This would normally be the case for the LDAP attribute that

specifies the username. The directory should contain unique values in this attribute.

l text—Use the LDAP attribute as the text to display for a matching item.

l This would normally be the case for the LDAP attribute that specifies the user’s common

name (displayName in Microsoft Active Directory). Users will typically want to search on

this attribute.

l desc—Use the LDAP attribute as additional descriptive text to display for a matching

item. This is an optional item.

There must be exactly one attribute that is identified as an “id” attribute.

Multiple LDAP attributes may be identified as “text” or “desc” attributes, in which case all the

values are displayed together in the search results.

If no LDAP attribute is identified as a “text” attribute, the “id” attribute will be used as the text.

To use one attribute in different ways, provide a list of types. For example, specify

sAMAccountName = id, desc to have the username act as both the ID and the description

text.

Comments may be entered in this field by starting a line with the “#” character.

Sort By Specify the name of an attribute on which to order the search results. Otherwise, the default

value of displayName orders the results by the user's full name.

Maximum Results (Required) Limits the total number of search results that can be displayed.

Table 92: Edit Authentication Server, User Search

* In the Display Attributes field, the default value field provides the following behavior: