Directory configuration properties (Group tab)

The Group tab displays group-related properties of the directory configuration.

Group Base DN
The base distinguished name (DN) for searching for groups in the directory server.
Group Search Filter
This property specifies the search filter for groups. It must be in the format

    (&(objectclass=group)(samAccountName={0}))
where samAccountName is the attribute assigned as the User Short Name on the User tab.

Group Display Name
Specifies the display name for a group object generated by the authentication provider. The default property value is dependent on the authentication provider and is specified by the provider's configuration.
Search Cross Forest Group Membership
This field appears only for Active Directory. Specifies whether the Active Directory Service provider performs cross-forest group membership searches. The default is False. To enable cross-forest group membership searches, set this property to True.
Group Membership Search Filter
This field appears only for IBM, Novell, ADAM, and Sun One. The search filter for group membership queries.
Restrict Membership to Configured Realms
Select this check box to restrict group lookups to configured realms only. A user can be in a configured realm but belong to a group in an unconfigured realm. If this check box is cleared, that user cannot log on because the system cannot look up all the user's group memberships. If this check box is checked, group memberships in unconfigured realms are ignored. This selection is available for all directory providers, but has no effect for ADAM because ADAM does not support cross-domain group membership.