Guidelines for Creating Dynamic Groups
Consider the following guidelines when using the Administration
Server to create new dynamic groups:
-
Dynamic groups cannot contain other groups.
-
Enter the group’s LDAP URL using the following
format (without host and port info, since these parameters are ignored):
ldap:///<basedn>?<attributes>?<scope>?<(filter)>
The required parameters are described in the following table:
Table 8–1 Dynamic Groups: Required
Parameters
Parameter Name
|
Description
|
<base_dn>
|
The Distinguished Name (DN) of the search base, or point from
which all searches are performed in the LDAP directory. This parameter
is often set to the suffix or root of the directory, such as "o=mcom.com".
|
<attributes>
|
A list of the attributes to be returned by the search. To specify
more than one, use commas to delimit the attributes (for example,
"cn,mail,telephoneNumber"); if no attributes are
specified, all attributes are returned. Note that this parameter is
ignored for dynamic group membership checks.
|
<scope>
|
The scope of the search, which can be one of these values:
-
base retrieves information only
about the distinguished name (<base_dn>) specified
in the URL.
-
one retrieves information about
entries one level below the distinguished name (<base_dn>) specified
in the URL. The base entry is not included in this scope.
-
sub retrieves information about
entries at all levels below the distinguished name (<base_dn>) specified in the URL. The base entry is included in this
scope.
This parameter is required.
|
<(filter)>
|
Search filter to apply to entries within the specified scope
of the search. If you are using the Administration Server forms, you
must specify this attribute. Note that the parentheses are required.
This parameter is required.
|
Note that the <attributes>, <scope>, and <(filter)> parameters are identified
by their positions in the URL. If you do not want to specify any attributes,
you still need to include the question marks delimiting that field.
-
You can optionally also add a description for the
new group.
-
If any organizational units have been defined for
your directory, you can specify where you want the new group to be
placed using the Add New Group To list. The default location is your
directory’s root point, or topmost entry.