+

Search Tips   |   Advanced Search

Group attribute definition settings

Specify the name of the group membership attribute. Every LDAP entry includes this attribute to indicate the group to which this entry belongs.

To view this administrative console page:

  1. In the administrative console, click Security > Global security.

  2. Under User account repository, select Federated repositories from the Available realm definitions field and click Configure.

    To configure for a specific domain in a multiple security domain environment, click Security domains > domain_name. Under Security Attributes, expand User Realm, and click Customize for this domain. Select the Realm type as Federated repositories and then click Configure.

  3. Under Related items, click Manage repositories.

  4. Click Add > LDAP repository to specify a new external repository or select an external repository that is preconfigured.

  5. Under Additional properties, click Group attribute definition.

When we finish adding or updating the federated repository configuration, go to the Security > Global security panel and click Apply to validate the changes.


Name of group membership attribute

Name of the group membership attribute. Only one membership attribute can be defined for each LDAP repository.

Every LDAP entry should have this attribute to indicate the groups to which this entry belongs. For example, memberOf is the name of the membership attribute used in Active Directory. The group membership attribute contains values that reference groups to which this entry belongs. If UserA belongs to GroupA, then the value of the memberOf attribute of UserA should contain the distinguished name of GroupA.

If our LDAP server does not support the group membership attribute, then do not specify this attribute. The LDAP repository can look up groups by searching the group member attributes, though the performance might be slower.


Scope of group membership attribute

Scope of the group membership attribute.

Information Value
Default: Direct
Range:

Direct

The membership attribute contains direct groups only. Direct groups are the groups that contain the member. For example, if Group1 contains Group2 and Group2 contains User1, then Group2 is a direct group of User1, but Group1 is not a direct group of User1.

Nested

The membership attribute contains both direct groups and nested groups.

All

The membership attribute contains direct groups, nested groups, and dynamic members.

  • Configure group attribute definition settings in a federated repository configuration
  • Manage the realm in a federated repository configuration