

Dynamic groups and nested group support for LDAP


Dynamic groups contain a group name and membership criteria:

Nested groups enable the creation of hierarchical relationships that are used to define inherited group membership. A nested group is defined as a child group entry whose distinguished name (DN) is referenced by a parent group entry attribute.

If all nested groups share the same privilege, you only need to assign the role to the larger parent group. Assigning a role to a single parent group simplifies the run-time authorization table.
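The following added example (not part of the product documentation) shows how inherited membership through nested groups can be resolved, and how a role bound only to a parent group reaches members of its child groups. The directory entries, DNs, role name and function names are constructed assumptions, and DN normalization is simplified.

```python
# Constructed sample directory: group DN -> member DNs (users or child groups).
# All DNs and the member layout are assumptions for illustration.
GROUPS = {
    "cn=admins,ou=groups,o=example": ["cn=ops,ou=groups,o=example",
                                      "uid=alice,ou=people,o=example"],
    "cn=ops,ou=groups,o=example": ["cn=oncall,ou=groups,o=example",
                                   "uid=bob,ou=people,o=example"],
    # Deliberate cycle: oncall references its own ancestor, admins.
    "cn=oncall,ou=groups,o=example": ["UID=Carol,OU=People,O=Example",
                                      "cn=admins,ou=groups,o=example"],
    "cn=auditors,ou=groups,o=example": ["uid=dave,ou=people,o=example"],
}

# Run-time authorization table: the role is bound to the parent group only.
ROLE_TABLE = {"administrator": ["cn=admins,ou=groups,o=example"]}


def norm(dn):
    """Simplified DN normalization: lowercase, strip spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def effective_groups(user_dn, groups=GROUPS):
    """Return every group the user belongs to, directly or through nesting."""
    members = {norm(g): {norm(m) for m in ms} for g, ms in groups.items()}
    found, frontier = set(), {norm(user_dn)}
    while frontier:
        # Groups that list any DN in the current frontier as a member.
        parents = {g for g, ms in members.items() if ms & frontier}
        frontier = parents - found  # unvisited groups only, so cycles terminate
        found |= frontier
    return found


def has_role(user_dn, role, table=ROLE_TABLE):
    """True if a group bound to the role is among the user's effective groups."""
    groups = effective_groups(user_dn)
    return any(norm(g) in groups for g in table.get(role, []))


if __name__ == "__main__":
    for uid in ("alice", "bob", "carol", "dave"):
        dn = f"uid={uid},ou=people,o=example"
        print(uid, sorted(effective_groups(dn)), has_role(dn, "administrator"))
```

Because of the cycle in the sample data, every member of any group in the loop resolves to all three groups, which is worth checking for when auditing which users a role on a parent group actually reaches.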


Dynamic groups and nested group support for the IBM Tivoli Directory Server

WAS supports all LDAP dynamic and nested groups when using IBM Tivoli Directory Server. This function is enabled by default by taking advantage of a new feature in IBM Tivoli Directory Server. IBM Tivoli Directory Server uses the group attribute...

...that automatically calculates all the group memberships, including dynamic and recursive memberships, for a user. Security directly locates a user's group memberships from the user object rather than indirectly searching all the groups to match group members.

See Configure dynamic and nested group support for the IBM Tivoli Directory Server.


Dynamic and nested group support for the SunONE or iPlanet Directory Server

The SunONE or iPlanet Directory Server uses two grouping mechanisms:

Three types of roles are available:

Refer to Configure dynamic and nested group support for the SunONE or iPlanet Directory Server for more information.