Specifying LDAP Group fields

You must specify the LDAP Group fields if you have selected LDAP security for the database repository.

Base RDN
Use this field to specify the relative distinguished name for a group. For example: o=Sales.
Search scope
Specifies the possible scopes for the directory search. You can specify:
  • One level: To search the one level below the Base RDN level, excluding the base object.
  • Subtree: To search the whole subtree rooted at the Base RDN level, including the base object and all its child objects.
Object class
Specify the object class to which the group belongs. For example: objectclass:posixGroup indicates that all entries under Base RDN belong to the posixGroup class.
Name attribute
Specify the name of an attribute whose value specifies the group name.
Description attribute
Specify the name of an attribute whose value specifies the description of the group.
Name filter
This field specifies the standard search string that will be used to search groups by name. This field is generated based on the values that you specify in the Name attribute and Object class fields.
All groups filter
This field specifies the standard search string that will return all the groups under the Base RDN. This field is generated based on the values that you specify in the Name attribute and Object class fields.
User's group
Use this field to specify the group to which the member belongs.
Administrator's group
Use this field to specify the group whose members will be granted administrator permissions within the content of the QMF products.
Member attribute
Specifies the name of a groups entry's attribute whose value specifies membership in the group. You can specify an RDN that will refer to a user entry or a user's name.
Member type
Specifies the member type based on what was specified in the Member attribute field. If you specified an RDN in the Member attribute field, the member type is DN. If you specified a user name in the Member attribute field, the member type is Value.
Identity type
Specifies the attribute that is used to identify the group and the type of access the group has to the repository. Using the identity attribute ensures retaining the granted permissions to the repository for the group, if the group is renamed or moved to another folder in the LDAP directory. The possible values are the following:
  • DN is the default value. It means that the distinguished name for the group is used for identification.
  • Custom attribute means that the name of the attribute specified in the Custom Attribute field is used for identification.
Custom attribute
This field is available only if you selected Custom attribute identity type. Specify the name of an attribute which value will be used for identification of the group.