Use the setldapsearch subcommand to specify the LDAP search criteria to use to find an LDAP user account to authenticate against. The setldapsearch subcommand uses the user name that the user enters in the Rational® ClearQuest® Login window. It is run once per domain, site, or both, if applicable.
installutil setldapsearch ldapreferr admin "" -domain Domain1 "-s sub -b OU=bluepages,o=ibm.com mail=%login%"
installutil setldapsearch dbset1 bob_admin bob_pw -Domain domain1 "-s sub -b ou=my_org, dc=ldapmsft,dc=com (&(objectCategory=person)(sAMAccountName=%login%) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))"