3.45.3. SearchFilter

This is the LDAP filter to use when searching for the user. It is used in the same way as in all LDAP modules. For more information, see Section 3.9.2. SearchFilter.
Usually, the search filter that is used to find a matching user name is (uid=name), where uid is the name of the LDAP attribute defined by the UsernameAttr parameter, and name is the name of the user currently being authenticated. For advanced applications, you can completely alter the search filter that Radiator uses by using the optional SearchFilter parameter. It allows you to use arbitrarily complicated LDAP search filters to select or exclude users based on attributes other than their user name. Special formatting characters are permitted: %0 is replaced by UsernameAttr and %1 by the user name. For example, this SearchFilter matches only users with the appropriate setting of their ‘current’ attribute:
SearchFilter (&(current=1)(uid=%1))
In SearchFilter, you can use any special formatting character. For backwards compatibility, Perl variables used to be interpolated, but this has been removed. The default setting for SearchFilter is (%0=%1), which matches the user name against the LDAP attribute defined by the UsernameAttr parameter (usually uid). Therefore, the default search string is (uid=name).
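
The following added example (not Radiator code) previews what the filter looks like after %0 and %1 are substituted, so a custom SearchFilter can be checked against sample user names before deployment. It handles only %0 and %1, and it escapes the user name per RFC 4515 before substitution; both the function names and the escaping step are assumptions of this example, not a description of Radiator's internals.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

DEFAULT_FILTER = "(%0=%1)"  # default SearchFilter given in this section


def escape_filter_value(value):
    """Escape a value so it is matched literally (assumption of this example)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_search_filter(template, username_attr, user_name):
    """Replace %0 with UsernameAttr and %1 with the escaped user name."""
    subs = {"%0": username_attr, "%1": escape_filter_value(user_name)}
    # One pass over the template, so a user name that itself contains
    # "%0" or "%1" is never expanded a second time.
    return re.sub(r"%[01]", lambda m: subs[m.group(0)], template)


def same_structure(template, expanded):
    """True if expansion added no parentheses or wildcards to the filter."""
    return all(template.count(c) == expanded.count(c) for c in "()*")


if __name__ == "__main__":
    custom = "(&(current=1)(uid=%1))"  # SearchFilter example from this section
    # Constructed sample user names, including filter metacharacters.
    for name in ["name", "j*", "smith (ops)", "a\\b"]:
        out = expand_search_filter(custom, "uid", name)
        print(f"{name!r:15} -> {out}  same_structure={same_structure(custom, out)}")
    print(expand_search_filter(DEFAULT_FILTER, "uid", "name"))  # default filter
```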