user-and-group-in-same-suffix

user-and-group-in-same-suffix

user-and-group-in-same-suffix = {yes|true|no|false}

Description

Whether the groups, in which a user is a member, are defined in the same LDAP suffix as the user definition.
When a user is authenticated, the groups in which the user is a member must be determined in order to build a credential. Normally, all LDAP suffixes are searched to locate the groups of which the user is a member.
Options

yes|true The groups are assumed to be defined in same LDAP suffix as the user definition. Only that suffix is searched for group membership. This behavior can improve the performance of group lookup because only a single suffix is searched for group membership. This option should only be specified if group definitions are restricted to the same suffix as the user definition.
no|false The groups might be defined in any LDAP suffix.

Usage: Optional
Default value
The value is not specified by default during WebSEAL configuration. When the value is not specified, the default value is no.
Example:
user-and-group-in-same-suffix = yes

Parent topic: [ldap] stanza

yes\|true	The groups are assumed to be defined in same LDAP suffix as the user definition. Only that suffix is searched for group membership. This behavior can improve the performance of group lookup because only a single suffix is searched for group membership. This option should only be specified if group definitions are restricted to the same suffix as the user definition.
no\|false	The groups might be defined in any LDAP suffix.