Configure dynamic and nested group support for the IBM Tivoli Directory Server

WAS v8.5 > Secure applications > Authenticate users > Select a registry or repository > Configure LDAP user registries > Locating user group memberships in a LDAP registry
Configure dynamic and nested group support for the IBM Tivoli Directory Server

In the dmgr console for WAS, click...
Security > Global security > User account repository > Standalone LDAP registry > Configure > IBM Tivoli Directory Server > Additional properties > Advanced LDAP user registry settings

Change the Group filter value to...
(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

Change the Group member ID map value to...

ibm-allGroups:member;ibm-allGroups:uniqueMember

Click Apply or OK to validate the changes.

Verify that Auxiliary object class field on the Add an LDAP entry panel for the IBM Tivoli Directory server has the appropriate value. When creating a nested group, the Auxiliary object class value is ibm-nestedGroup. When creating a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.

Related concepts:

Dynamic groups and nested group support for LDAP
Standalone LDAP registries
Configure LDAP user registries
Locating user group memberships in a LDAP registry
Configure dynamic and nested group support for the SunONE or iPlanet Directory Server
Use specific directory servers as the LDAP server

+
Search Tips | Advanced Search