At the moment, we are using LDAP server connection to authenticate our users.
Our question is: in which moment the query to authenticate users is executed? More exactly, when the field 'Authentication Search
Filter' is applied?
We are using as 'Authentication Search
Filter' this value: '(HJTconID=@screen_name@)'
Environment
DXP 7.3
Resolution
The field 'Authentication Search
Filter' is defined to make a relationship between the field configured in DXP for login and the attribute which defines a user in LDAP.
The bind process between both servers DXP and LDAP follows these steps:
DXP requests an initial query to LDAP, using the 'Authentication Search
Filter' .
Using the previous defined value, the query is equivalent to '(HJTconID=[[[Screen Name Used in Login]]])'
Then DXP checks if there is some value returned to resume or abort the process.
Next step, DXP makes a join between these both filters: 'Authentication Search
Filter' and 'Import Search
Filter' and requests to LDAP.
The query is equivalent to '(&([[[Authentication Search
Filter]]])([[[Import Search Filter]]]))'
Returned value is used by DXP to populate user data using configured 'User Mapping' fields.
Finally, DXP proceeds to import user memberships requesting to LDAP the filter 'Import Search
Filter' from 'Groups' section.
The query is equivalent to '(&([[['User' field from 'Groups' section, usually 'uniqueMember']]]=[[[User DN]]])([[['Import Search Filter' from 'Groups' section]]]))'
Please, take into account those queries are requested only when user import is done during authentication. If import from LDAP configuration is defined ('Enable Import'option, 'Enable
Import on Startup'option, 'Import Interval'field), DXP will only use 'Import Search Filter' filters to import users from LDAP.
