Configure dynamic and nested group support for the IBM Tivoli Directory Server

 


 

Configure dynamic and nested groups to simplify WebSphere Application Server (WAS) security management and increase its effectiveness and flexibility.

When creating groups, ensure that nested and dynamic group memberships work correctly.

 

Procedure

  1. In the console for WebSphere Application Server, click...

    Security | Secure administration, applications, and infrastructure | User account repository | Standalone LDAP registry | Configure

  2. Select IBM Tivoli Directory Server for the type of LDAP server.

  3. Under Additional properties, click...

    Advanced LDAP user registry settings

  4. Change the Group filter value to...

    (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

  5. Change the Group member ID map value to...

    ibm-allGroups:member;ibm-allGroups:uniqueMember

  6. Click Apply or OK to validate the changes.

  7. Verify that the Auxiliary object class field on the Add an LDAP entry panel for your IBM Tivoli Directory Server has the appropriate value.

    When you create a nested group, the Auxiliary object class value is ibm-nestedGroup.

    When you create a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.
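
Sample directory entries that the settings in steps 4 through 7 are meant to resolve, as an added example that is not part of the original documentation. The suffix dc=example,dc=com, every entry name and the departmentNumber value are constructed; ibm-memberGroup and memberURL are the attributes that the ibm-nestedGroup and ibm-dynamicGroup auxiliary classes allow in IBM Tivoli Directory Server.

```ldif
# Constructed sample data: suffix, group names and users are placeholders.

# Plain static group. It matches the Group filter from step 4 through
# objectclass=groupOfNames.
dn: cn=was-operators,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: was-operators
member: uid=jdoe,ou=people,dc=example,dc=com

# Nested group: structural groupOfNames plus the auxiliary class
# ibm-nestedGroup (step 7). ibm-memberGroup names the subgroup whose
# members are inherited by this group.
dn: cn=was-admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: ibm-nestedGroup
cn: was-admins
member: uid=admin1,ou=people,dc=example,dc=com
ibm-memberGroup: cn=was-operators,ou=groups,dc=example,dc=com

# Dynamic group: structural groupOfNames plus the auxiliary class
# ibm-dynamicGroup (step 7). Membership is computed from the LDAP URL in
# memberURL, so every entry under ou=people with departmentNumber=4711
# is a member without being listed. Review the search base and filter
# with the same care as a role assignment.
dn: cn=was-monitors,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: ibm-dynamicGroup
cn: was-monitors
member: uid=admin1,ou=people,dc=example,dc=com
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(departmentNumber=4711)

# With the Group member ID map from step 5, WebSphere reads ibm-allGroups
# on the user entry. For uid=jdoe (assumed here to have no matching
# departmentNumber) the expected values are:
#   ibm-allGroups: cn=was-operators,ou=groups,dc=example,dc=com
#   ibm-allGroups: cn=was-admins,ou=groups,dc=example,dc=com
# The second value exists only because of the nesting, which is the
# effective membership to check before mapping was-admins to a role.
```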


 

Related concepts

Dynamic groups and nested group support
Standalone LDAP registries

 

Related tasks

Locating a user’s group memberships in LDAP
Configure dynamic and nested group support for the SunONE or iPlanet Directory Server
Use specific directory servers as the LDAP server
Configure LDAP user registries