Password Policy User Lookup Dialog

The Password Policy User Lookup dialog lets you select the users in a user directory and apply the password policy to these users. The Users/Groups group box provides an interface for defining users and groups for policies.
The fields on this dialog change depending on whether you are searching an LDAP directory, an ODBC database or a WinNT directory.
For information on searching for users in each directory type, see the following sections:
User Lookup for an LDAP Directory
The Users Lookup dialog provides a way of searching for users in a user directory.
The dialog contains the following settings:
  • Users/Groups for User Directory Group Box
    Defines the search criteria.
    • Search Type
      Determines whether the search is based on an attribute-value pair or an LDAP search expression. The default contents of the grid are based on user group. To view individual users, complete the fields in the dialog to establish search criteria.
    • Attribute
      Specifies the directory attribute on which to base the search, such as uid.
    • Value
      Specifies the string for the designated attribute. If the search type is an attribute-value pair, enter a search string.
      If the search type is based on an expression, specify the expression. The Administrative UI automatically adds encapsulating parentheses to the expression. For example, &(uid=*)(cn=*) becomes (&(uid=*)(cn=*)).
      The following characters must be escaped as part of attribute values when specifying a search expression or an attribute-value pair:
      Example: "&(uid=*))(cn=*(*)" must include escape characters: "&(uid=*\))(cn=*\(*)"
    • GO
      Initiates the search.
    • Reset
      Clears the specified search criteria.
  • Manual Entry Group Box
    Specifies the specific user or group to search.
    • Manual Entry
      For LDAP directories, enter a valid search expression.
      You can enter All in the Manual Entry field to bind the password policy to the entire LDAP directory.
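
The escaping rule in the Value field description, as an added example (not part of the product or its documentation): it builds an expression from attribute-value pairs and checks that the unescaped parentheses balance before the expression is pasted into the dialog. The helper names are hypothetical, and only the parentheses shown in the page's example are escaped.

```python
def escape_value(value, specials="()"):
    """Backslash-escape literal characters inside an attribute value.

    Assumption: only the parentheses from the page's example are handled.
    The wildcard (*) is left as is so it keeps working as a wildcard.
    """
    return "".join("\\" + ch if ch in specials else ch for ch in value)


def build_expression(operator, pairs):
    """Return operator + (attr=value)... without outer parentheses,
    because the Administrative UI adds the encapsulating pair itself."""
    return operator + "".join(f"({a}={escape_value(v)})" for a, v in pairs)


def unescaped_parens_balanced(expression):
    """True if every structural (unescaped) parenthesis is matched."""
    depth = 0
    chars = iter(expression)
    for ch in chars:
        if ch == "\\":
            next(chars, None)  # skip the escaped character
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    raw = "&(uid=*))(cn=*(*)"  # unescaped form from the page's example
    built = build_expression("&", [("uid", "*)"), ("cn", "*(*")])
    print(raw, "balanced:", unescaped_parens_balanced(raw))
    print(built, "balanced:", unescaped_parens_balanced(built))
```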
User Lookup for an ODBC Database
The Users Lookup dialog provides a way of searching for users in a user directory.
The dialog contains the following settings:
Users/Groups for User Directory Group Box
Defines the search criteria.
  • Search For
    Specifies whether the scope of the search includes users, groups, or users and groups. The default contents of the grid are based on user group. To view individual users, complete the fields in the dialog to establish search criteria.
  • Attribute
    Specifies the user directory attribute. User directory attributes are represented by named columns in the database table, such as Name or UserID.
  • Value
    Specifies the search string to be used for the search.
    The search string can contain wildcards (*).
  • GO
    Initiates the search.
  • Reset
    Clears the specified search criteria.
Manual Entry Group Box
Specifies either a manually entered search expression or the search expression determined by the entries in the Where to Search and Condition group boxes.
  • Manual Entry
    For Microsoft SQL Server and Oracle, enter a user name or an SQL query.
    Example SQL query:
    SELECT NAME FROM EMPLOYEE WHERE JOB = 'MGR';
    The Policy Server performs the query as the database user specified in the Username field of the Credentials and Connection tab for the user directory. When constructing the SQL query, you need to be familiar with the database schema for the user directory. For example, if you are using the SmSampleUsers schema and want to add specific users, you could select from the SmUser table.
    Note the following:
    • If the manual entry query does not contain a WHERE statement, the WHERE statement from the Init User query field is appended. For example:
      Init User:
      select Name from SmUser where Name = '%s'
      Manual Entry:
      Select Name from customers
      Result:
      select Name from customers where Name = '%s'
    • If the manual entry query contains a WHERE statement, the portion of the query following the Init User WHERE statement is appended. For example:
      Init User:
      select Name from SmUser where Name = '%s'
      Manual Entry:
      Select Name from customers where balance > 1000
      Result:
      select Name from customers where balance > 1000 and Name = '%s'
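
The two append rules above, modelled as an added example (not Policy Server code) so the effective query can be previewed before a manual entry is saved. The function names and the third sample entry with the `vip` column are constructed for illustration; the model assumes the condition is appended literally, as in the page's results, and does not parse string literals or subqueries.

```python
import re

_WHERE = re.compile(r"\bwhere\b", re.IGNORECASE)


def split_where(query):
    """Split at the first WHERE keyword; condition is None if absent."""
    query = query.strip().rstrip(";").strip()
    match = _WHERE.search(query)
    if match is None:
        return query, None
    return query[:match.start()].strip(), query[match.end():].strip()


def effective_query(init_user, manual_entry):
    """Model of the documented append rule for manual entry queries."""
    _, init_cond = split_where(init_user)
    if init_cond is None:
        raise ValueError("Init User query has no WHERE clause")
    head, manual_cond = split_where(manual_entry)
    if manual_cond is None:
        return f"{head} where {init_cond}"
    return f"{head} where {manual_cond} and {init_cond}"


def has_top_level_or(manual_entry):
    """True if the manual WHERE condition has an OR outside parentheses.

    AND binds tighter than OR in SQL, so a literally appended
    "and Name = '%s'" would then constrain only the last OR branch.
    """
    _, cond = split_where(manual_entry)
    depth = 0
    for token in re.findall(r"\(|\)|\w+|\S", cond or ""):
        if token == "(":
            depth += 1
        elif token == ")":
            depth -= 1
        elif token.lower() == "or" and depth == 0:
            return True
    return False


INIT_USER = "select Name from SmUser where Name = '%s'"  # from the page
if __name__ == "__main__":
    for entry in ("Select Name from customers",
                  "Select Name from customers where balance > 1000",
                  "Select Name from customers where balance > 1000 or vip = 1"):
        print(effective_query(INIT_USER, entry), "| top-level OR:", has_top_level_or(entry))
```

When `has_top_level_or` returns True, wrapping the manual condition in parentheses keeps the appended user filter applied to every branch.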
User Lookup for a WinNT Directory
The Users Lookup dialog provides a way of searching for users in a user directory.
The dialog contains the following settings:
Users/Groups for User Directory Group Box
Defines the search criteria.
  • Search For
    Specifies whether the scope of the search includes users, groups, or users and groups. The default contents of the grid are based on user group. To view individual users, complete the fields in the dialog to establish search criteria.
  • Value
    Specifies the search string to be used for the search.
    The search string can contain wildcards (*).
  • GO
    Initiates the search.
  • Reset
    Clears the specified search criteria.
Manual Entry Group Box
Specifies the specific user or group to search.
  • Manual Entry
    Enter a user name.