Configure dynamic and nested groups to simplify WebSphere® Application
Server security management and increase its effectiveness and flexibility.
Before you begin
When creating groups, ensure that nested and dynamic group memberships
work correctly.
Procedure
- In the administrative console for WebSphere Application Server, click Security >
Global security.
- Under User account repository, click Standalone LDAP registry,
and click Configure.
- Select IBM® Tivoli® Directory Server for the type of LDAP
server.
- Under Additional properties, click Advanced Lightweight Directory
Access Protocol (LDAP) user registry settings.
- Change the Group filter value to (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))).
- Change the Group member ID map value to ibm-allGroups:member;ibm-allGroups:uniqueMember.
- Click Apply or OK to validate the changes.
- Verify that the Auxiliary object class field on the Add an LDAP entry
panel for your IBM Tivoli Directory
server has the appropriate value. When you create a nested group,
the Auxiliary object class value is ibm-nestedGroup. When you create
a dynamic group, the Auxiliary object class value is ibm-dynamicGroup.
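
The following LDIF is an added illustration, not part of the original procedure or IBM sample data. It shows a nested group and a dynamic group that the Group filter above would match. It assumes groupOfNames as the structural class, the Tivoli Directory Server attributes ibm-memberGroup and memberURL, and placeholder DNs under o=example.

```ldif
# Constructed sample entries. Every DN under o=example is a placeholder.

# Plain static group with one direct member.
dn: cn=was-operators,ou=groups,o=example
objectclass: top
objectclass: groupOfNames
cn: was-operators
member: uid=jdoe,ou=people,o=example

# Nested group: the ibm-nestedGroup auxiliary class allows ibm-memberGroup,
# which names a subgroup whose members are inherited by this group.
dn: cn=was-admins,ou=groups,o=example
objectclass: top
objectclass: groupOfNames
objectclass: ibm-nestedGroup
cn: was-admins
member: uid=asmith,ou=people,o=example
ibm-memberGroup: cn=was-operators,ou=groups,o=example

# Dynamic group: the ibm-dynamicGroup auxiliary class allows memberURL.
# Membership is evaluated as an LDAP search (base, scope, filter) instead
# of being read from a stored member list.
dn: cn=was-monitors,ou=groups,o=example
objectclass: top
objectclass: groupOfNames
objectclass: ibm-dynamicGroup
cn: was-monitors
member: uid=asmith,ou=people,o=example
memberURL: ldap:///ou=people,o=example??sub?(departmentNumber=42)
```

With entries like these, requesting the ibm-allGroups attribute on uid=jdoe should list both was-operators and, through nesting, was-admins, which is the membership view the Group member ID map setting relies on. Keep the memberURL base and filter as narrow as possible, because every entry that matches them receives whatever WebSphere roles are mapped to that group.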