Group directory configuration properties

The group directory configuration properties for the directory configuration wizard.

Group Base DN
The base distinguished name (DN) for searching for groups in the directory server.
Group Search Filter
The search filter for groups. It must be in one of the following formats, depending on your directory service provider:
Group Display Name Attribute
The directory server attribute to use as the display name for a group. The default property value is dependent on the directory service type and is specified by the configuration of the directory service provider.
Group Short Name Attribute
The directory server attribute to use as the short name for a group. The default property value is samAccountName for the Active Directory service provider and cn for all other supported directory service providers.
Search Cross Forest Group Membership
(Active Directory only) Specifies whether the Active Directory Service provider performs cross-forest group membership searches. The default is False. To enable cross-forest group membership searches, set this property to True.
Group Membership Search Filter
(IBM, Novell, AD LDS, and Sun Java System Directory only) The search filter for group membership queries.
Group Unique ID Attribute
The directory service attribute that serves as the security identifier (SID) for each group. Select an attribute whose values are unique and do not change over time. This attribute is typically the same attribute as the User Unique ID attribute, but it is possible to use a different attribute if required.
Search Dynamic Group
(CA Directory only) Select this check box to instruct the Content Engine server to search dynamic groups. A dynamic group is a hybrid group that can contain both static and dynamic members.
Dynamic Group Member Attribute
(CA Directory only) The directory server attribute that holds the static members of a dynamic group.
Dynamic Group Query Attribute
(CA Directory only) The attribute in the dynamic group that holds the dynamic LDAP query. The Content Engine server runs this query to retrieve the dynamic members of the group.
Dynamic Group Object Class
(CA Directory only) The type of dynamic group to search.
Restrict Membership to Configured Realms
Select this check box to restrict group lookups to configured realms only. A user can be in a configured realm but belong to a group in an unconfigured realm. If this check box is cleared, that user cannot log on because the system cannot look up all the group memberships of the user. If this check box is selected, group memberships in unconfigured realms are ignored. This selection is available for all directory providers, but is ignored by AD LDS because AD LDS does not support cross-domain group membership.