Configure Queries for User and Group Attributes

Configure additional settings to perform queries that retrieve ("pull") more information about users and user groups from a directory on an LDAP server.

The settings for these queries are part of the settings that you configure for the Authentication module (engine) on Web Gateway to handle the integrated process for authenticating a user.

1. Configure a query for user attributes.
   1. Select Get user attributes.
      NOTE: You need not configure any special values for the Base distinguished name to user objects option, as these values are the same as those that you already configured for the purpose of authenticating a user.
   2. In the User attributes to retrieve list, add the name of the attribute that the query should find a value for. You can also add multiple names here.
      For example, to retrieve information about the group or groups that a user belongs to, add memberof.
   3. Under Attributes concatenation string, type a character for separating multiple resulting values, for example, a comma.
2. Configure a query for group attributes.
   1. Select Get group attributes.
   2. Under Base distinguished name to group objects, provide a starting point for the query using LDAP syntax, for example, ou=groups,dc=ldap,dc=local.
   3. Under Filter expression to locate a group object, specify an attribute of a group that allows the group to be found.
      For example, specify member=%u, which has member as the attribute name and the %u variable that holds the user's user name on Web Gateway as the attribute value.
   4. In the Group attributes to retrieve list, add the name of the attribute that the query should find a value for.
      You can also add multiple names here
      For example, to find the so-called common name of a group, add cn.
   5. Under Attributes concatenation string, type a character for separating multiple resulting values, for example, a comma.