Configuring dynamic and nested group support for the IBM Tivoli Directory Server
Configure dynamic and nested groups to simplify WebSphere® Application Server security management and increase its effectiveness and flexibility.
Before you begin
Procedure
- In the administrative console for WebSphere Application Server, click Security > Global security.
- Under User account repository, click Standalone LDAP registry, and click Configure.
- Select IBM® Tivoli® Directory Server for the type of LDAP server.
- Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
- Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).
- Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.
- Click Apply or OK to validate the changes.
- Verify that the Auxiliary object class field on the Add an LDAP entry panel for your IBM Tivoli Directory Server has the appropriate value. When you create a nested group, the Auxiliary object class value is ibm-nestedGroup. When you create a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.
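To see which entries the Group filter from the procedure selects, the following added example (not IBM code) evaluates it against a small constructed directory after substituting %v. The sample entries, the `STATIC_ONLY` comparison filter, and the rejection of filter metacharacters in the group name are assumptions made for this illustration, not documented WebSphere behavior.

```python
import re

# Group filter from the procedure; the group name is substituted for %v.
GROUP_FILTER = ("(&(cn=%v)(|(objectclass=groupOfNames)"
                "(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))")
# Constructed comparison filter without groupOfURLs (not a default stated on the page).
STATIC_ONLY = "(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))"

# Constructed sample entries; attribute names are lower-cased dictionary keys.
DIRECTORY = [
    {"dn": ["cn=admins,o=example"], "cn": ["admins"], "objectclass": ["groupOfNames"]},
    {"dn": ["cn=ops,o=example"], "cn": ["ops"], "objectclass": ["groupOfURLs", "ibm-dynamicGroup"]},
    {"dn": ["cn=allstaff,o=example"], "cn": ["allstaff"], "objectclass": ["groupOfUniqueNames", "ibm-nestedGroup"]},
    {"dn": ["cn=ops,ou=people,o=example"], "cn": ["ops"], "objectclass": ["inetOrgPerson"]},
]

def parse(f, i=0):
    """Parse the filter subset used here (&, |, equality); return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, comparing values case-insensitively."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    return value in (v.lower() for v in entry.get(attr, []))

def find_groups(name, entries, group_filter=GROUP_FILTER):
    """Return the DNs of entries selected by the group filter for this group name."""
    if re.search(r"[()*\\\x00]", name):  # assumption: refuse names that would alter the filter
        raise ValueError("group name contains LDAP filter metacharacters")
    tree, _ = parse(group_filter.replace("%v", name))
    return [e["dn"][0] for e in entries if matches(tree, e)]
```

With the constructed data, the dynamic group `ops` is found only when `groupOfURLs` is in the filter, and the person entry that shares the same `cn` is never returned as a group.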