In addition to the full list of configuration options in the PicketLink IDM reference, this section explains some that are of common interest to the eXo Community.
The entrySearchScope option can be placed in an identity object type, like this:
In combination with ctxDNs, this option forms an LDAP query. It is equivalent to the scope parameter of the ldapsearch command (-s in OpenLDAP).
Values: subtree, object.
If the option is omitted, the search will return the children at level 1 of the ctxDNs - equivalent to
Use subtree to search the entire tree under ctxDNs.
This saves you from having to list every possible ctxDNs in the configuration.
The object value is equivalent to -s base, which examines only the ctxDNs entry itself.
If the ctxDNs entry does not match the filter, the search returns zero results.
# o=acme,dc=example,dc=com
# uid=user1,o=acme,dc=example,dc=com
# ou=People,o=acme,dc=example,dc=com
# uid=user2,ou=People,o=acme,dc=example,dc=com
Assume you are mapping the LDAP users in the tree above, using the ctxDNs o=acme,dc=example,dc=com, then:
subtree: user1 and user2 are mapped.
object: no user is mapped.
If omitted: only user1 is mapped.
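The three outcomes above can be reproduced with a small scope model. This is an added example, not eXo or PicketLink code: the function names are hypothetical, the entries are the constructed tree from above, and a uid RDN check stands in for the real user filter.

```python
# Constructed sample: the four entries of the tree shown above.
ENTRIES = [
    "o=acme,dc=example,dc=com",
    "uid=user1,o=acme,dc=example,dc=com",
    "ou=People,o=acme,dc=example,dc=com",
    "uid=user2,ou=People,o=acme,dc=example,dc=com",
]

def rdns(dn):
    """Split a DN into normalized (attr, value) RDNs; assumes no escaped commas."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1))
            for rdn in dn.split(",")]

def depth_below(entry, base):
    """Levels between entry and base: 0 means the base itself, None means outside."""
    e, b = rdns(entry), rdns(base)
    # Compare whole RDNs, not raw strings, so o=xacme never matches o=acme.
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return None
    return len(e) - len(b)

def mapped_users(ctx_dn, entry_search_scope=None, entries=ENTRIES):
    """Return the uids mapped for one ctxDNs value (hypothetical helper)."""
    users = []
    for dn in entries:
        depth = depth_below(dn, ctx_dn)
        if depth is None:
            continue
        if entry_search_scope == "subtree":
            in_scope = True          # entire tree under ctxDNs
        elif entry_search_scope == "object":
            in_scope = depth == 0    # only the ctxDNs entry, like -s base
        elif entry_search_scope is None:
            in_scope = depth == 1    # option omitted: level-1 children only
        else:
            raise ValueError(f"unsupported entrySearchScope: {entry_search_scope!r}")
        attr, value = rdns(dn)[0]
        if in_scope and attr == "uid":   # assumption: stand-in for the user filter
            users.append(value)
    return users

if __name__ == "__main__":
    base = "o=acme,dc=example,dc=com"
    for scope in ("subtree", "object", None):
        print(scope, mapped_users(base, scope))
```

With subtree, any account later created anywhere under the ctxDNs is mapped as well, so confirm that the whole subtree is meant to hold platform users before widening the scope.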