Configure dynamic and nested groups to simplify WebSphere Application
Server security management and increase its effectiveness and flexibility.
Before you begin
When creating groups, ensure that nested and dynamic group memberships
work correctly.
Procedure
- In the administrative console for WebSphere
Application Server, click Security > Global security.
- Under User registries, click LDAP.
- Select IBM Tivoli Directory Server for the type of LDAP
server.
- Under Additional properties, click Advanced Lightweight Directory
Access Protocol (LDAP) user registry settings.
- Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).
- Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.
- Click Apply or OK to validate the changes.
- Verify that Auxiliary object class field on the Add an LDAP entry
panel for your IBM Tivoli Directory server has the appropriate value.
When you create a nested group, the Auxiliary object class value is ibm-nestedGroup.
When you create a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.