Configure dynamic and nested groups to simplify WebSphere® Application Server security management and increase its effectiveness and flexibility.
Before you begin
When creating groups, ensure that nested and dynamic group memberships work correctly.
Procedure
- In the administrative console for WebSphere Application Server, click Security > Global security.
- Under User account repository, click Standalone LDAP registry, and click Configure.
- Select IBM® Tivoli® Directory Server for the type of LDAP server.
- Under Additional properties, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
- Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).
- Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.
- Click Apply or OK to validate the changes.
- Verify that the Auxiliary object class field on the Add an LDAP entry panel for your IBM Tivoli Directory Server has the appropriate value. When you create a nested group, the Auxiliary object class value is ibm-nestedGroup. When you create a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.
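The following Python sketch is an added example, not IBM code. It models the group set that the ibm-allGroups mapping should yield for a user, so you can write down the expected result before testing the memberships named under "Before you begin". The sample entries are constructed, and the ibm-memberGroup and memberURL attribute names and the simplified memberURL matching are assumptions about the directory schema that do not come from this page.

```python
# Constructed sample directory (DN -> attributes); not taken from a real server.
# Assumption: nested groups list child groups in ibm-memberGroup and dynamic
# groups define members with an LDAP URL in memberURL.
STAFF, GROUPS = "ou=staff,o=example", "ou=groups,o=example"
DIRECTORY = {
    f"cn=alice,{STAFF}": {"objectclass": ["inetOrgPerson"], "title": ["operator"]},
    f"cn=bob,{STAFF}": {"objectclass": ["inetOrgPerson"], "title": ["auditor"]},
    f"cn=operators,{GROUPS}": {          # static group
        "objectclass": ["groupOfNames"],
        "member": [f"cn=alice,{STAFF}"]},
    f"cn=admins,{GROUPS}": {             # nested group that contains operators
        "objectclass": ["groupOfNames", "ibm-nestedGroup"],
        "member": [f"cn=carol,{STAFF}"],
        "ibm-memberGroup": [f"cn=operators,{GROUPS}"]},
    f"cn=auditors,{GROUPS}": {           # dynamic group
        "objectclass": ["groupOfURLs", "ibm-dynamicGroup"],
        "memberURL": [f"ldap:///{STAFF}??sub?(title=auditor)"]},
}

def matches_url(user_dn, attrs, url):
    """Simplified memberURL test: subtree base plus a single (attr=value) filter."""
    base, _attrs, _scope, flt = url[len("ldap:///"):].split("?")
    attr, value = flt.strip("()").split("=", 1)
    return user_dn.lower().endswith(base.lower()) and value in attrs.get(attr, [])

def all_groups(user_dn, directory=DIRECTORY):
    """Return every group DN the user belongs to: static, dynamic and nested."""
    user = directory.get(user_dn, {})
    found = set()
    for dn, entry in directory.items():
        if user_dn in entry.get("member", []) + entry.get("uniqueMember", []):
            found.add(dn)                # direct static membership
        if any(matches_url(user_dn, user, u) for u in entry.get("memberURL", [])):
            found.add(dn)                # dynamic membership
    # Walk upward through nesting until no new parent group appears.
    frontier = set(found)
    while frontier:
        parents = {dn for dn, entry in directory.items()
                   if frontier & set(entry.get("ibm-memberGroup", []))} - found
        found |= parents
        frontier = parents
    return found

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, sorted(all_groups(f"cn={who},{STAFF}")))
```

In this model alice is a direct member of operators only, yet she also resolves to admins, so any WebSphere role mapped to admins applies to her. Compare the modelled set with the ibm-allGroups values the directory returns for the same user entry.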