Dynamic and Nested groups - IBM Security Directory Server

Configure dynamic and nested groups to simplify WAS security management and increase its effectiveness and flexibility.

When creating groups, ensure that nested and dynamic group memberships work correctly.

1. In the console for WebSphere Application Server, click...
   Security > Global security > User account repository > Standalone LDAP registry > Configure > IBM Tivoli Directory > Additional properties > Advanced Lightweight Directory Access Protocol (LDAP) user registry settings

2. Change the Group filter value to...
   (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

3. Change the Group member ID map value to...
   ibm-allGroups:member;ibm-allGroups:uniqueMember

4. Click Apply or OK to validate the changes.

5. Verify that Auxiliary object class field on the Add an LDAP entry panel for the IBM Tivoli Directory server has the appropriate value. When creating a nested group, the Auxiliary object class value is ibm-nestedGroup. When creating a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.

Related concepts

LDAP dynamic and nested groups
Standalone LDAP registries

Related tasks

Configure LDAP user registries
Locate user group memberships in a LDAP registry
Dynamic and Nested groups - SunONE or iPlanet Directory Server
LDAP directory servers