You are looking at documentation for an older release. Not what you want? See the current release documentation.
In addition to the full list of configurations in the PicketLink IDM reference, this section explains some options that are of common interest to the eXo Community.
Search scope (entrySearchScope option)
The entrySearchScope option can be placed in an identity object type, like this:
<option>
<name>entrySearchScope</name>
<value>subtree</value>
</option>
In combination with ctxDNs, this option forms an LDAP query. It is equivalent to the scope parameter of the ldapsearch command (-s in OpenLDAP).
Values: subtree, object.
If the option is omitted, the search returns only the children at level 1 of the ctxDNs, which is equivalent to -s one.
Use subtree to search the entire tree under ctxDNs. This saves you from having to list every possible ctxDNs in the configuration.
The object value is equivalent to -s base, which examines only the ctxDNs entry itself. If the ctxDNs entry does not match the filter, the search returns no results.
Example:
# o=acme,dc=example,dc=com
# uid=user1,o=acme,dc=example,dc=com
# ou=People,o=acme,dc=example,dc=com
# uid=user2,ou=People,o=acme,dc=example,dc=com
Assume you are mapping the LDAP users in the tree above, using the ctxDNs o=acme,dc=example,dc=com, then:
subtree: user1 and user2 are mapped.
object: no user is mapped.
If omitted: only user1 is mapped.
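The scope behaviour above can be checked offline with a small model of the sample tree. This is an added example, not code from eXo or PicketLink; the function names, the objectClass values and the use of inetOrgPerson as the user filter are assumptions made for illustration.

```python
# Constructed model of the sample tree from this page: DN -> attributes.
TREE = {
    "o=acme,dc=example,dc=com": {"objectClass": "organization"},
    "uid=user1,o=acme,dc=example,dc=com": {"objectClass": "inetOrgPerson"},
    "ou=People,o=acme,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "uid=user2,ou=People,o=acme,dc=example,dc=com": {"objectClass": "inetOrgPerson"},
}

# entrySearchScope value -> ldapsearch -s scope, as described on this page.
SCOPE_FOR_OPTION = {"subtree": "sub", "object": "base", None: "one"}


def rdns(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def depth_below(dn, base):
    """Return how many levels dn sits below base, or None if outside it."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)


def in_scope(dn, base, scope):
    depth = depth_below(dn, base)
    if depth is None:
        return False
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True  # "sub": the base entry and everything beneath it


def mapped_users(ctx_dn, entry_search_scope=None, tree=TREE):
    """uids of user entries the identity store would see for one ctxDNs."""
    scope = SCOPE_FOR_OPTION[entry_search_scope]
    hits = [dn for dn, attrs in tree.items()
            if in_scope(dn, ctx_dn, scope)
            and attrs["objectClass"] == "inetOrgPerson"]  # assumed user filter
    return sorted(rdns(dn)[0].split("=", 1)[1] for dn in hits)


if __name__ == "__main__":
    for option in ("subtree", "object", None):
        print(option, mapped_users("o=acme,dc=example,dc=com", option))
```

Running the same function with ou=People,o=acme,dc=example,dc=com as the ctxDNs shows how narrowing the base changes which accounts are visible to the identity store.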