The account attributes in the following table are not displayed in the schema by default. You must add the attribute to the schema map before you can manage groups.
Identity System Attribute | Resource User Attribute | LDAP Syntax | Description
---|---|---|---
user defined | ldapGroups | ldapGroups | A list of distinguished names of groups the LDAP user is a member of. The resource attribute Group Member Attr specifies the attribute of the LDAP group entry that will be updated to contain the distinguished name of the user. The default value for the Group Member Attr is uniquemember.
user defined | posixGroups | N/A | A list of distinguished names of posixGroups entries the LDAP user is a member of. For an account to be assigned membership in a Posix group, it must have a value for the uid LDAP attribute. The memberUid attribute of the posixGroup entries will be updated to contain the uid of the user.

Note the following behavior when either posixGroups or ldapGroups is defined in the schema map:
- When an LDAP account is deleted, Waveset removes the account’s DN from any LDAP groups and the account’s uid from any posixGroups.
- When the uid of an account changes, Waveset replaces the old uid with the new uid in the appropriate posixGroups.
- When an account is renamed, Waveset replaces the old DN with the new DN in the appropriate LDAP groups.

If the LDAP resource manages its own referential integrity, you should disable the adapter's LDAP group management function by deselecting the “Maintain LDAP Group Membership” checkbox in the resource adapter configuration.
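
Whichever side maintains membership, a missed delete, rename, or uid change leaves a reference in a group that a later account with the same DN or uid would inherit. The following added example (not Waveset or directory-server code) audits an LDIF export for such leftovers in uniquemember and memberUid. The sample LDIF and all function names are constructed for illustration, and the parser assumes unfolded, non-base64 values and DNs without escaped commas.

```python
# Added example: find group references left behind after account deletes,
# renames, or uid changes. SAMPLE_LDIF is constructed test data.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
uid: jdoe

dn: uid=asmith,ou=People,dc=example,dc=com
uid: asmith

dn: cn=admins,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniquemember: uid=jdoe,ou=People,dc=example,dc=com
uniquemember: uid=gone,ou=People,dc=example,dc=com

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
memberUid: asmith
memberUid: olduid
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Comparison key for a DN: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_stale_members(entries, group_member_attr="uniquemember"):
    """Return (group DN, attribute, value) for each reference with no matching account."""
    dns = {norm_dn(e["dn"][0]) for e in entries}
    uids = {u for e in entries for u in e.get("uid", [])}
    stale = []
    for e in entries:
        for dn in e.get(group_member_attr.lower(), []):
            if norm_dn(dn) not in dns:
                stale.append((e["dn"][0], group_member_attr, dn))
        for uid in e.get("memberuid", []):
            if uid not in uids:
                stale.append((e["dn"][0], "memberUid", uid))
    return stale
```

Pass the resource's configured Group Member Attr as `group_member_attr` if it differs from the default uniquemember.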