Set dynamic and nested group support for the IBM Tivoli Directory Server


Set dynamic and nested groups to simplify WebSphere Application Server (WAS) security management and increase its effectiveness and flexibility.

When creating groups, ensure that nested and dynamic group memberships work correctly.

 

  1. In the admin console for WAS, click Security | Global security.

  2. Under User account repository, click Standalone LDAP registry, and click Configure.

  3. Select IBM Tivoli Directory Server for the type of LDAP server.

  4. Under Additional properties, click Advanced LDAP user registry settings.

  5. Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).

  6. Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.

  7. Click Apply or OK to validate the changes.

  8. Verify that the Auxiliary object class field on the Add an LDAP entry panel for the IBM Tivoli Directory Server has the appropriate value. When creating a nested group, the Auxiliary object class value is ibm-nestedGroup. When creating a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.
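
A pre-check for steps 5 and 8, as an added example that is not part of the original documentation: it reads group entries from LDIF and reports groups the Group filter would not match, plus groups that carry a nested or dynamic membership attribute without an object class that permits it. The attribute names ibm-memberGroup and memberURL, the class-to-attribute mapping and the sample LDIF are assumptions not taken from this page.

```python
import re
# Group filter from step 5 of the procedure above.
GROUP_FILTER = ("(&(cn=%v)(|(objectclass=groupOfNames)"
                "(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))")
FILTER_CLASSES = {c.lower() for c in re.findall(r"objectclass=([^)]+)", GROUP_FILTER)}
# Assumption (not on the page): object classes that permit each attribute.
ALLOWED_BY = {"ibm-membergroup": {"ibm-nestedgroup"},
              "memberurl": {"ibm-dynamicgroup", "groupofurls"}}
# Constructed sample LDIF, trimmed to the attributes the check reads.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,o=example
objectClass: groupOfNames
objectClass: ibm-nestedGroup
ibm-memberGroup: cn=operators,ou=groups,o=example

dn: cn=operators,ou=groups,o=example
objectClass: groupOfNames
ibm-memberGroup: cn=oncall,ou=groups,o=example

dn: cn=staff,ou=groups,o=example
objectClass: groupOfURLs
memberURL: ldap:///ou=people,o=example??sub?(title=staff)

dn: cn=legacy,ou=groups,o=example
objectClass: exampleGroup
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no line folding, no base64 values)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, problem) pairs for groups that fail the step 5 or 8 check."""
    findings = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if not classes & FILTER_CLASSES:
            findings.append((e["dn"][0], "not matched by Group filter"))
        for attr, allowed in ALLOWED_BY.items():
            if attr in e and not classes & allowed:
                findings.append((e["dn"][0], attr + " without its object class"))
    return findings
```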

 
