Nested groups
The nesting of groups enables the creation of hierarchical relationships that can be used to define inherited group membership. A nested group is defined as a parent group entry that has members which are themselves group entries.
A nested group is created by extending one of the structural group object classes by adding the ibm-nestedGroup auxiliary object class. After nested group extension, zero or more ibm-memberGroup attributes may be added, with their values set to the DNs of nested child groups.
For example:
dn: cn=Group 2, cn=Groups, o=sample
objectclass: groupOfNames
objectclass: ibm-nestedGroup
objectclass: top
cn: Group 2
description: Group composed of static, and nested members.
member: cn=Person 2.1, cn=Dept 2, cn=Employees, o=sample
member: cn=Person 2.2, cn=Dept 2, cn=Employees, o=sample
ibm-memberGroup: cn=Group 8, cn=Nested Static, cn=Groups, o=sample

The introduction of cycles into the nested static group hierarchy is not allowed. If it is determined that a nested static group operation results in a cyclical reference, either directly or through inheritance, it is considered a constraint violation and therefore, the update to the entry fails.
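
The cycle rule above, as an added example (not IBM's code and not the server's implementation): a client-side pre-check that walks ibm-memberGroup values to flag an update that would close a loop directly or through inheritance, and that resolves the inherited membership an access review would need to see. Group 9, Person 8.1, Person 9.1, the contents of Group 8 and all helper names are constructed for illustration, and the DN normalization is a simplification.

```python
# Added illustration, not the directory server's implementation.

def norm(dn):
    """Simplified DN normalization (assumption): lowercase, trim around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def build(entries):
    """Index constructed entries into nested-group edges and static members."""
    nested = {norm(dn): [norm(c) for c in e.get("ibm-memberGroup", [])]
              for dn, e in entries.items()}
    members = {norm(dn): {norm(m) for m in e.get("member", [])}
               for dn, e in entries.items()}
    return nested, members

def reachable(nested, start):
    """Every group reachable from start by following ibm-memberGroup values."""
    seen, stack = set(), [norm(start)]
    while stack:
        for child in nested.get(stack.pop(), ()):
            if child not in seen:  # the seen-set also keeps the walk finite
                seen.add(child)
                stack.append(child)
    return seen

def creates_cycle(nested, parent, child):
    """True if adding child as an ibm-memberGroup of parent closes a loop."""
    parent, child = norm(parent), norm(child)
    return parent == child or parent in reachable(nested, child)

def effective_members(nested, members, group):
    """Static members of group plus members inherited from nested children."""
    result = set(members.get(norm(group), ()))
    for g in reachable(nested, group):
        result |= members.get(g, set())
    return result

G2 = "cn=Group 2, cn=Groups, o=sample"
G8 = "cn=Group 8, cn=Nested Static, cn=Groups, o=sample"
G9 = "cn=Group 9, cn=Nested Static, cn=Groups, o=sample"  # constructed
ENTRIES = {  # Group 2 is from the page; Group 8 and 9 contents are constructed
    G2: {"member": ["cn=Person 2.1, cn=Dept 2, cn=Employees, o=sample",
                    "cn=Person 2.2, cn=Dept 2, cn=Employees, o=sample"],
         "ibm-memberGroup": [G8]},
    G8: {"member": ["cn=Person 8.1, o=sample"], "ibm-memberGroup": [G9]},
    G9: {"member": ["cn=Person 9.1, o=sample"]},
}
NESTED, MEMBERS = build(ENTRIES)
print(creates_cycle(NESTED, G9, G2))  # Group 9 -> Group 2 would loop back
print(sorted(effective_members(NESTED, MEMBERS, G2)))
```

Running the same walk before granting a group access to a resource shows every principal that inherits that access through nesting, not only the static members listed on the entry.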