7.1.7. PicketLink IDM configuration

The PicketLink IDM reference lists every configuration option. This section explains a few of them that are of common interest to the eXo Community.

Search scope (entrySearchScope option)

The entrySearchScope option can be placed in an identity object type, like this:


<option>
    <name>entrySearchScope</name>
    <value>subtree</value>
</option>

In combination with ctxDNs, this option forms an LDAP query. It is equivalent to the scope parameter of the ldapsearch command (-s in OpenLDAP).

Values: subtree, object.

Example:

# o=acme,dc=example,dc=com
# uid=user1,o=acme,dc=example,dc=com
# ou=People,o=acme,dc=example,dc=com
# uid=user2,ou=People,o=acme,dc=example,dc=com

Assume you are mapping the LDAP users in the tree above with ctxDNs set to o=acme,dc=example,dc=com. Then:

  • subtree: user1 and user2 are mapped.

  • object: no user is mapped.

  • If omitted: only user1 is mapped.
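
The scope rules above, modelled over the four sample entries, as an added example that is not part of the eXo or PicketLink documentation. The function names, the `uid` identifier attribute and the simplified DN parsing are assumptions of this sketch; an omitted option is treated as a one-level search, which matches the result stated above.

```python
# Constructed directory: the four entries from the example tree above.
ENTRIES = [
    "o=acme,dc=example,dc=com",
    "uid=user1,o=acme,dc=example,dc=com",
    "ou=People,o=acme,dc=example,dc=com",
    "uid=user2,ou=People,o=acme,dc=example,dc=com",
]

def rdns(dn):
    # Simplified DN parsing (assumption): no escaped commas in RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def depth_below(base, dn):
    """Return how many levels dn sits below base, or None if outside it."""
    b, d = rdns(base), rdns(dn)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)

# entrySearchScope value -> predicate on the entry's depth below the ctxDN.
# None models the omitted option (direct children only, per the list above).
SCOPES = {
    "subtree": lambda n: n >= 0,  # the ctxDN entry and everything under it
    "object": lambda n: n == 0,   # only the ctxDN entry itself
    None: lambda n: n == 1,       # one level below the ctxDN
}

def mapped_users(ctx_dn, scope=None, id_attr="uid", entries=ENTRIES):
    """List the DNs that would be mapped as users for a ctxDN and scope."""
    if scope not in SCOPES:
        raise ValueError("unsupported entrySearchScope: %r" % (scope,))
    in_scope = SCOPES[scope]
    result = []
    for dn in entries:
        depth = depth_below(ctx_dn, dn)
        is_user = rdns(dn)[0].startswith(id_attr.lower() + "=")
        if depth is not None and in_scope(depth) and is_user:
            result.append(dn)
    return result

if __name__ == "__main__":
    ctx = "o=acme,dc=example,dc=com"
    for scope in ("subtree", "object", None):
        print(scope or "(omitted)", "->", mapped_users(ctx, scope))
```

Running the same check over an export of a real directory shows which accounts a given ctxDNs and scope pair would map before the configuration is deployed.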


Copyright ©. All rights reserved. eXo Platform SAS