Configure dynamic and nested group support for the IBM Tivoli Directory Server

 

Before you begin

When creating groups, ensure that nested and dynamic group memberships work correctly.

 

Procedure

  1. In the Lightweight Directory Access Protocol (LDAP) user registry configuration panel, select IBM Tivoli Directory Server for the LDAP server.

  2. On the LDAP settings panel change the Group Filter setting. Change the setting to the following value:

    (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)
    (objectclass=groupOfURLs))).

  3. On the LDAP settings panel change the Group Member ID Map setting. Change the setting to the following value:

    ibm-allGroups:member;ibm-allGroups:uniqueMember

  4. On the Add an LDAP entry panel the Auxiliary object class value is ibm-nestedGroup when creating a nested group. On the Add an LDAP entry panel, the Auxiliary object class value is ibm-dynamicGroup when creating a dynamic group.


 

See Also


Dynamic and nested group support for the SunONE or iPlanet Directory Server
Locating a user's group memberships in Lightweight Directory Access Protocol
Dynamic groups and nested group support for the IBM Tivoli Directory Server
Lightweight Directory Access Protocol

 

Related Tasks


Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server
Using specific directory servers as the LDAP server

 



 

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.