Guidelines for Creating Dynamic Groups
Consider the following guidelines when using the Administration Server
forms to create new dynamic groups:
-
Dynamic groups cannot contain other groups.
-
Enter the group’s LDAP URL using the following format
(without host and port info, since these parameters are ignored):
ldap:///<basedn>?<attributes>?<scope>?<(filter)>
The required parameters are described in the following table:
Table 3–5 Dynamic Groups: Required Parameters
Parameter Name
|
Description
|
<base_dn>
|
The Distinguished Name (DN) of the search base, or point from which
all searches are performed in the LDAP directory. This parameter is often
set to the suffix or root of the directory, such as "o=mcom.com".
|
<attributes>
|
A list of the attributes to be returned by the search. To specify more
than one, use commas to delimit the attributes (for example, "cn,mail,telephoneNumber"); if no attributes are specified, all attributes are returned.
Note that this parameter is ignored for dynamic group membership checks.
|
<scope>
|
The scope of the search, which can be one of these values:
-
base retrieves information only about the
distinguished name (<base_dn>) specified in the URL.
-
one retrieves information about entries
one level below the distinguished name (<base_dn>) specified
in the URL. The base entry is not included in this scope.
-
sub retrieves information about entries
at all levels below the distinguished name (<base_dn>) specified
in the URL. The base entry is included in this scope.
This parameter
is required.
|
<(filter)>
|
Search filter to apply to entries within the specified scope of the
search. If you are using the Administration Server forms, you must specify
this attribute. Note that the parentheses are required.
This parameter is required.
|
The <attributes>, <scope>,
and <(filter)> parameters are identified by their positions
in the URL. If you do not want to specify any attributes, you still need to
include the question marks delimiting that field.
-
You can optionally also add a description for the new group.
-
If any organizational units have been defined for your directory,
you can specify where you want the new group to be placed using the Add New
Group To list. The default location is your directory’s root point,
or top-most entry.
-
When you are finish entering the desired information, click
Create Group to add the group and immediately return to the New Group form.
Alternatively, click Create and Edit Group to add the group and then proceed
to the Edit Group form for the group you have just added. For information
on editing groups, see Editing Group Attributes.