Modifying the user search criteria configured for a user store
You can modify the user search criteria that are configured for the user store as part of editing the configuration of a user store.
The user search criteria that you define for a user store applies to all the connections associated with the user store.
- In theUser Storetab of theUser Storespage, do one of the following steps:
- Click the name of the user store to modify the user search criteria associated with it.
- In theActioncolumn of the user store for which you want to modify user search criteria, clickEdit.
- In the resultingEdit User Storespage, click theSearch Criteriatab.
- ClickEdit.
- Enter or edit the following information and clickSave:FieldDescriptionSearch CriteriaBase DNEdit the Base DN string, if necessary. This string indicates where to start searching for user information within the user store database.User FilterEdit your user store filters for the directory search, if necessary. For example:
- To search for a user, use the format(&(uid=%s)(objectclass=organizationalPerson))
- To search for a user in AD, use the format(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=%s))
- To search for a user in AD with Groupmembership enabled, use the format:(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=%s)(memberOf=cn=Security_group,cn=Users,DC=sales,DC=acme,DC=com))
Replace%swith the logging user name.Edit Default VIP User Name AttributeSelect this check box if you want to edit the LDAP attribute value that is used as VIP User Name.VIP User Name AttributeEnter the value for the LDAP attribute to use as the VIP User Name.Select AttributeSelect one or more attributes to choose the authentication channel to deliver the security code to the user through the appropriate VIP Enterprise components. For each attribute, enter up to 10 attribute types, separated by semicolons.- Email. Enter the attribute name that specifies the user email address.If you select the email attribute, VIP can send a new credential registration email if an additional credential is registered to an existing user for which an email address is available. Contact your account representative to enable this feature.
- Mobile. Enter the attribute name that specifies the user mobile device identifier, such as a telephone number.
- Phone. Enter the attribute name that specifies the user telephone number.
DNS and NetBIOS NameProvide DNS and NetBIOS names for this user store, if necessary. You can add more than one value for the DNS and NetBIOS Name.VIP Registration Email AttributeSelect AttributeSelectEmailto allow VIP to send an email with a My VIP registration link to all unregistered users in this user store. Customize the registration email in theSettings > Registration Email Settingstab.EmailEnter the email attribute from this user store that VIP can use to send this email.Test SettingsTest ConnectionEnter an existing user ID to verify that the user who is specified in the User Distinguished Name field has the correct search permissions to the user store. The test is mandatory to verify that the configuration is working.