Guidelines for Creating Dynamic Groups
Consider the following guidelines when using the Administration Server interface
to create new dynamic groups:
-
Dynamic groups cannot contain other groups.
-
Enter the group’s LDAP URL using the following format (without host
and port info, as these parameters are ignored):
ldap:///base_dn?attributes?scope?(filter)
The following table lists the required parameters for the LDAP URL.
Table 4–5 Required Parameters for the LDAP URL
Parameter Name
|
Description
|
base_dn
|
The DN of the search base, or point from which all searches are performed in
the LDAP directory. This parameter is often set to the suffix or root of the directory,
such as o=mcom.com.
|
attributes
|
A list of attributes to be returned by the search. To specify more than one,
use commas to delimit the attributes (for example, cn,mail,telephoneNumber). If no attributes are specified, all attributes are returned. This parameter
is ignored for dynamic group membership checks.
|
scope
|
This parameter is required.
The scope of the search, which can be one of these values:
-
base retrieves information only about the distinguished
name (base_dn) specified
in the URL.
-
one retrieves information about entries one level
below the distinguished name (base_dn) specified in the URL. The base entry is not included in this scope.
-
sub retrieves information about entries at all
levels below the distinguished name (base_dn) specified in the URL. The base entry is included in this scope.
|
(filter)
|
This parameter is required.
Search filter to apply to entries within the specified scope of the search.
If you are using the Administration Server interface, you must specify this attribute.
The parentheses are required.
|
The attributes, scope, and (filter) parameters are identified by their positions in the URL. If you do not
want to specify any attributes, you must still include the question marks (?) delimiting
that field.
Continuing with the guidelines for creating dynamic groups:
-
If organizational units are defined for your directory, specify where
you want the new group to be placed using the Add New Group To list on the Create
Group page in the Administration Server interface. The default location is your directory’s
root point (topmost entry).
-
For more information about editing groups, see Editing Group Entries.