Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server

Configure dynamic and nested groups to simplify WebSphere® Application Server security management and increase its effectiveness and flexibility.

Before you begin

To use dynamic and nested groups with WebSphere Application Server security, you must be running WebSphere Application Server Version 6.1 or later. Refer to Dynamic groups and nested group support for LDAP for more information on this topic.

Procedure

  1. In the administrative console for WebSphere Application Server, click Security > Global security.
  2. Under User account repository, click the Available realm definitions drop-down list, select Standalone LDAP registry, and click Configure.
  3. Select SunONE for the type of LDAP server.
  4. Select the Ignore case for authorization option.
  5. Under Additional Properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
  6. Change the Group filter setting to &(cn=%v)(objectclass=ldapsubentry)).
  7. Change the Group member ID map setting to nsRole:nsRole.
  8. Click Apply or OK to validate the changes.