3. To configure the search attributes, use the following information.
UID Search Attribute
When the selected binding method is Anonymously or w/ Configured Credentials, the initial bind to the LDAP server is followed by a search request that is directed at retrieving specific information about the user, including the distinguished name, login permissions, and group membership. To retrieve this information, the search request must specify the attribute name that is used to represent user IDs on that server. Specifically, this name is used as a search filter against the login ID that is entered by the user. This attribute name is configured here. For example, on Active Directory servers, the attribute name that is used for user IDs is usually sAMAccoutName. On Novell eDirectory and OpenLDAP servers, it is usually uid. If this field is left blank, a default of UID is used during user authentication.
Group Search Attribute
In an Active Directory or Novell eDirectory environment, this parameter specifies the attribute name that is used to identify the groups to which a user belongs. In Active Directory, this is usually memberOf, and with eDirectory, this is usually groupMembership.
In an OpenLDAP server environment, users are usually assigned to groups whose objectClass equals PosixGroup. In that context, this parameter specifies the attribute name that is used to identify the members of a particular PosixGroup. This is usually memberUid.
If this field is left blank, the attribute name in the filter defaults to memberOf.
Login Permission Attribute
When a user is authenticated through an LDAP server successfully, the login permissions for this user must be retrieved. To retrieve these permissions, the search filter that is sent to the server must specify the attribute name that is associated with login permissions. This field specifies this attribute name.
If this field is left blank, the user is assigned a default of
The attribute value that is returned by the LDAP server is searched for the keyword string IBMRBSPermission=. This keyword must be immediately followed by a bit string that is entered as 12 consecutive 0s or 1s. Each bit represents a particular set of functions. The bits are numbered according to their positions. The leftmost bit is bit position 0, and the rightmost bit is bit position 11. A value of 1 at a particular position enables the function that is associated with that position. A value of 0 disables that function. The string IBMRBSPermission=010000000000 is a valid example.
50 Remote Supervisor Adapter II SlimLine and Remote Supervisor Adapter II: User’s Guide