SDBM group gathering

After a RACF® user ID successfully authenticates to the LDAP server, the server creates a list of the groups to which that user ID belongs. Only groups in which the user ID's membership is active (has not been revoked) are included in the list. This group membership list is used in authorization checking when the user tries to access entries in directories on the LDAP server.

If the SDBM backend is to be used for authentication purposes only and group membership is not needed, consider having your clients use the authenticateOnly server control, to streamline bind processing. This control overrides any extended group membership searching and default group membership gathering and is supported for Version 3 clients. See Supported server controls for more information.

The authenticateOnly control is not necessary if there is no TDBM, LDBM, GDBM, or CDBM backend configured. In this case, SDBM does not do any group gathering.
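The following added example (not IBM code) BER-encodes an LDAP Version 3 simple bind that carries the authenticateOnly control, and lists the control OIDs found in an encoded message so you can confirm from a trace that a client really sends it. The OID value and the absence of a control value are assumptions to confirm against Supported server controls; the DN and password are constructed samples.

```python
# Added example: LDAPv3 simple BindRequest with the authenticateOnly control.
AUTHENTICATE_ONLY_OID = "1.3.18.0.2.10.2"  # assumption: verify in your server docs

def tlv(tag, value):
    """BER tag-length-value, short or long definite length form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def ber_int(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def bind_request(msg_id, dn, password, authenticate_only=True, critical=False):
    # BindRequest ::= [APPLICATION 0] { version 3, name, simple [0] password }
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    controls = b""
    if authenticate_only:
        ctl = tlv(0x04, AUTHENTICATE_ONLY_OID.encode())  # controlType
        if critical:
            ctl += tlv(0x01, b"\xff")                     # criticality TRUE
        controls = tlv(0xA0, tlv(0x30, ctl))              # Controls ::= [0] SEQUENCE OF
    return tlv(0x30, ber_int(msg_id) + bind + controls)  # LDAPMessage

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        size = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def control_oids(message):
    """List the control OIDs attached to one encoded LDAPMessage."""
    _, body, _ = read_tlv(message, 0)
    pos, oids = 0, []
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        cpos = 0
        while tag == 0xA0 and cpos < len(value):
            _, control, cpos = read_tlv(value, cpos)
            oids.append(read_tlv(control, 0)[1].decode())
    return oids

if __name__ == "__main__":
    sample_dn = "racfid=USER1,profiletype=user,cn=myRACF"  # constructed DN
    print(control_oids(bind_request(1, sample_dn, "constructed-password")))
```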