WebSphere Application Server Network Deployment, Version 6.1
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

             Personalize the table of contents and search results

Configuring dynamic and nested group support for the IBM Tivoli Directory Server

Configure dynamic and nested groups to simplify WebSphere Application Server security management and increase its effectiveness and flexibility.

Before you begin

When creating groups, ensure that nested and dynamic group memberships work correctly.

Procedure

  1. In the administrative console for WebSphere Application Server, click Security > Secure administration, applications, and infrastructure.
  2. Under User account repository, click Standalone LDAP registry, and click Configure.
  3. Select IBM Tivoli Directory Server for the type of LDAP server.
  4. Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
  5. Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).
  6. Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.
  7. Click Apply or OK to validate the changes.
  8. Verify that Auxiliary object class field on the Add an LDAP entry panel for your IBM Tivoli Directory server has the appropriate value. When you create a nested group, the Auxiliary object class value is ibm-nestedGroup. When you create a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.



In this information ...


IBM Redbooks, demos, education, and more


Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

IBM Suggests
Task topic    

Terms of Use | Feedback

Last updated: Feb 25, 2009 9:32:38 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_dynamicnestedgroupibm.html