PhenixID

PSD1104 – Using a predefined search with OR query

Summary

This PhenixID Solution Document (PSD) is written for PhenixID Identity Manager (IM) 5.x.

The usage of predefined search is very common in an IM environment. To create a predefined search you can either do this using the Tab Designer UI in the IM Stand Alone client or you can write an Tab External Filter. Writing a Tab External Filter you can basically create any type of query against an identity store. If you use the UI and are creating prompted predefined searches you are unfortunately limited running AND LDAP queries against the store.

This PSD describes how to quite easily using the Tab Designer UI you can also create OR predefined searches.

For example: You might like an end-user to enter a last name in a search but you want the search to look for this last name in several attributes. Then you need to write an OR LDAP query like:
(|(attribute1=userInputValue)(attribute2=userInputValue))

System Requirements

  • PhenixID Identity Manager 5.x or later installed

Add class file and example search to your installation

Prerequisite: You already have IM 5.x installed or later and running with a test role. In this PSD a will call this example role ServiceDesk.

To get this to work you need to download two files, CustomSearchPDSearchFilter.class and SearchWithOR.xml

Download and extract PSD1104.zip

CustomSearchPDSearchFilter.class
This file must be put in the drive:\..\PhenixID\IM501\customer\extension\class\psd
If the \psd folder does not exist then create one.

SearchWithOR.xml
Put this file in the search folder of your role. In my example this would be the ServiceDesk role and the path would look like:
drive:\..\PhenixID\IM501\customer\role\servicedesk\search

Explanation of SearchWithOR.xml

This part explains how the SearchWithOR.xml file works and what can be changed suits your environment

  1. Open the IM Stand Alone client (recommended) or change the XML-file in a text editor.
  2. Open the example predefined search.
  3. Click Tools – Tab properties
    1. Change Search Base
    2. You also like to change Display Name, Unique Name, Display Attributes
    3. Click Apply when done
  4. Change then Search name
  5. Right click the white box on the right to Search and chose Properties. (you can aslo double click)
    1. If you like you can change Title
    2. Click Apply when done
  6. Change the OR LDAP query
  7. Right click the white box on the right to CustomSearch and chose Properties. (you can aslo double click)
    1. In Default Value you have.
      (|(givenname=[SEARCHBYORVARIABLE])(sn=[SEARCHBYORVARIABLE]))
      Above means that user inout must exactly equals the value in the attribute. See below for other settings.
    2. Do NOT change SEARCHBYORVARIABLE. This is the input given by the end user.
    3. If you like you can change givenName and sn or add or remove and attribute to suite your LDAP query.

Different ways to use the LDAP query

If you like to use wildcard and Starts with (John*):
(|(givenname=[SEARCHBYORVARIABLE]*)(sn=[SEARCHBYORVARIABLE]*))
Above will use Start with for both givenName and sn

If you like to use wildcard and Contains (*John*):
(|(givenname=*[SEARCHBYORVARIABLE]*)(sn=*[SEARCHBYORVARIABLE]*))

Test your OR LDAP query Predefined Search

Make sure you have saved your changes.

Login as the role using your predefined search and verify the result.

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se