Guidelines for Creating Dynamic Groups
Consider the following guidelines when using the Administration Server
interface to create new dynamic groups:
-
Dynamic groups cannot contain other groups.
-
LDAP URLs use the following format without host and port info,
as these parameters are ignored:
ldap:///base-dn?attributes?scope?(filter)
The attributes, scope, and (filter) parameters are identified by their positions in the URL. If you
do not want to specify any attributes, you must still include the question
marks (?) delimiting that field.
-
If organizational units are defined for your directory, specify
where you want the new group to be placed using the Add New Group To list
on the Create Group page in the Administration Server interface. The default
location is your directory’s root point, the topmost entry.
For more information about editing groups, see Editing Group Entries.
The following table lists the required parameters for the LDAP
URL.
Table 4–4 Required Parameters for the LDAP URL
Parameter Name
|
Description
|
base_dn
|
The DN of the search base, or point from which all searches are performed
in the LDAP directory. This parameter is often set to the suffix or root of
the directory, such as o=mcom.com.
|
attributes
|
A list of attributes to be returned by the search. To specify more than
one, use commas to delimit the attributes (for example, cn,mail,telephoneNumber). If no attributes are specified, all attributes are returned.
This parameter is ignored for dynamic group membership checks.
|
scope
|
This parameter is required.
The scope of the search, which can be one of these values:
-
base retrieves information only about the
distinguished name (base_dn) specified
in the URL.
-
one retrieves information about entries
one level below the distinguished name (base_dn) specified in the URL. The base entry is not included in this scope.
-
sub retrieves information about entries
at all levels below the distinguished name (base_dn) specified in the URL. The base entry is included in this scope.
|
(filter)
|
This parameter is required.
The Search filter to apply to entries within the specified scope of
the search. If you are using the Administration Server interface, you must
specify this attribute. The parentheses are required.
|