Configure dynamic and nested group support for the IBM Security Directory Server

Configure dynamic and nested group support for the IBM Security Directory Server

Configure dynamic and nested groups to simplify WAS security management and increase its effectiveness and flexibility.
When creating groups, ensure that nested and dynamic group memberships work correctly.

In the console for WebSphere Application Server, click...
Security > Global security > User account repository > Standalone LDAP registry > Configure > IBM Tivoli Directory > Additional properties > Advanced Lightweight Directory Access Protocol (LDAP) user registry settings

Change the Group filter value to...
(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

Change the Group member ID map value to...
ibm-allGroups:member;ibm-allGroups:uniqueMember

Click Apply or OK to validate the changes.

Verify that Auxiliary object class field on the Add an LDAP entry panel for the IBM Tivoli Directory server has the appropriate value. When creating a nested group, the Auxiliary object class value is ibm-nestedGroup. When creating a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.

Related concepts

Dynamic groups and nested group support for LDAP
Standalone LDAP registries

Related tasks

Configure LDAP user registries
Locating user group memberships in a LDAP registry
Configure dynamic and nested group support for the SunONE or iPlanet Directory Server
Use specific directory servers as the LDAP server