Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Dynamic and Static Groups in Oracle Internet Directory, 3 of 4
This version of Oracle Internet Directory does not support the use of dynamic groups in access control lists. You cannot associate dynamic groups with either the orclACPgroup
or the orclPrivilegeGroup
object class.
When querying dynamic group for required attributes of the member, this release supports reading the attributes only of members not explicitly listed in the membership list. Also, in this case, an ldapsearch filter based on membership--that is, member
or uniqueMember
--cannot be applied to the dynamic group object.
The hierarchical group resolution query works only for static groups. If a dynamic groups is a member of a static group, then the query to resolve the entire hierarchy of the groups does not evaluate the dynamic groups. Thus, if a static Group A is a member of another static Group B which in-turn is a member of static Group C, then the query to compute all the groups that a user is a member of (assuming the user is a member of static Group A) correctly returns groups A, B, and C. However, if group C is a dynamic group, then the same query returns only Groups A and B.
The CONNECT BY
query to resolve implicit hierarchies works only with the equality filter. The base of the search is not used while executing this kind of query.
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|