Set dynamic and nested group support for the SunONE or iPlanet Directory Server

Set dynamic and nested groups to simplify WebSphere Application WAS security management and increase its effectiveness and flexibility.

To use dynamic and nested groups with WAS security, be running WAS V5.1.1 or later. Refer to Dynamic groups and nested group support for more information on this topic.


  1. In the admin console for WAS, click...

      Security | Global security

  2. Under User account repository, click the Available realm definitions drop-down list, select...

      Standalone LDAP registry | Configure

  3. Select SunONE for the type of LDAP server.

  4. Select the Ignore case for authorization option.

  5. Under Additional Properties, click Advanced LDAP user registry settings


  6. Change the Group filter setting to &(cn=%v)(objectclass=ldapsubentry)).

  7. Change the Group member ID map setting to nsRole:nsRole.

  8. Click Apply or OK to validate the changes.


Related concepts

Standalone LDAP registries
Locating a users group memberships in LDAP
Set dynamic and nested group support for the IBM Tivoli Directory Server
Use specific directory servers as the LDAP server
Set LDAP user registries