user-and-group-in-same-suffix
Whether the groups in which a user is a member are defined in the same LDAP suffix as the user definition.
user-and-group-in-same-suffix = {yes|true|no|false}
Specification of whether the groups in which a user is a member are defined in the same LDAP suffix as the user definition.
When a user is authenticated, the groups in which the user is a member must be determined to build a credential. Normally, all LDAP suffixes are searched to locate the groups of which the user is a member.
Options
- yes|true
- The groups that are assumed to be defined in the same LDAP suffix as the user definition. Only that suffix is searched for group membership. This behavior can improve the performance of group lookup, because only a single suffix is searched. Use this option only if group definitions are restricted to the same suffix as user definitions.
- no|false
- The groups might be defined in any LDAP suffix. Anything other than yes|true, including a blank value, is interpreted as no|false.
To use this key value pair for performance tuning purposes, see the IBM Security Verify Access for Web: Performance Tuning Guide.
Usage
Optional
Default value
noExample
user-and-group-in-same-suffix = yes