[Deploying Sakai] Filter in jldap directory provider

Grossman,John E john.grossman at mdanderson.org
Tue Jan 19 14:56:11 PST 2010


Is there a way to specify an LDAP search filter in the jldap-beans.xml without having to modify Java code?

Our Active Directory tree looks something like this:
DC=mdanderson,DC=edu
        OU=People
                OU=Archive
                OU=Dept01
                OU=Dept02
                ...
                OU=Dept20

I need to start searching at OU=People because a current user can be in any of the department branches. Unfortunately, the same person sometimes shows up in both Archive and DeptX with the same email. For instance, Jane Jones with user id jjones married and changed her name to Jane Smith with user id jsmith but kept her jjones email address. When the directory provider code looks up jjones at mdanderson.edu, it finds her in the archive branch before it finds her current record in Dept02. She gets enrolled as jjones when she should be enrolled as jsmith. Jjones is a dead account so she can't log in.

I'd like for the provider to use a filter like (&(mail=jjones at mdanderson.org)(!(accountExpires=0))) or an approach that would eliminate the Archive branch from the search.

BTW - I know the person could be enrolled correctly by searching on her user id jsmith, but instructors often prefer to enter students by email address.

John Grossman
The University of Texas M. D. Anderson Cancer Center
john.grossman at mdanderson.org
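
Added example, not part of the original message and not Sakai or jldap provider code: a sketch of the second approach the post asks about, dropping entries under the Archive branch after a mail search and refusing to pick when more than one live account remains. The entries, the example.edu addresses and all function names are constructed for illustration; the search is simulated in memory rather than run against a directory.

```python
# Constructed entries modelled on the tree in the post; addresses are made up.
PEOPLE = "OU=People,DC=mdanderson,DC=edu"
ARCHIVE = "OU=Archive," + PEOPLE
ENTRIES = [  # in the order a subtree search under OU=People might return them
    {"dn": "CN=jjones," + ARCHIVE, "uid": "jjones", "mail": "jjones@example.edu"},
    {"dn": "CN=jsmith,OU=Dept02," + PEOPLE, "uid": "jsmith", "mail": "jjones@example.edu"},
    {"dn": "CN=bdoe,OU=Dept01," + PEOPLE, "uid": "bdoe", "mail": "bdoe@example.edu"},
]


def in_subtree(dn, subtree_dn):
    """True if dn is at or below subtree_dn.

    Simplification: splits on ',' and ignores escaped commas inside RDN values.
    """
    rdns = [r.strip().lower() for r in dn.split(",")]
    base = [r.strip().lower() for r in subtree_dn.split(",")]
    return len(rdns) >= len(base) and rdns[-len(base):] == base


def search_by_mail(email):
    """Stand-in for an LDAP subtree search with filter (mail=<email>)."""
    return [e for e in ENTRIES if e["mail"].lower() == email.lower()]


def first_match_uid(email):
    """The behaviour described in the post: take whichever entry comes back first."""
    return search_by_mail(email)[0]["uid"]


def resolve_uid(email, excluded_subtrees=(ARCHIVE,)):
    """Drop entries under excluded subtrees, then insist on exactly one match."""
    live = [e for e in search_by_mail(email)
            if not any(in_subtree(e["dn"], s) for s in excluded_subtrees)]
    if len(live) != 1:
        raise LookupError("%d candidate accounts for %s" % (len(live), email))
    return live[0]["uid"]


if __name__ == "__main__":
    print(first_match_uid("jjones@example.edu"))  # archived account wins
    print(resolve_uid("jjones@example.edu"))      # current account wins
```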


