<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure dynamic and nested group support for the Sun ONE or iPlanet Directory Server</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="secldapsun"></a>Configure dynamic and nested group support for the Sun ONE or iPlanet Directory Server</h6>
<p>The Sun ONE or iPlanet Directory Server uses two grouping mechanisms:</p>
<ul>
<li><p><em>Groups</em> are entries that name other entries as a list of members or as a filter for members.</p></li>
<li><p><em>Roles</em> are also entries that name other entries as a list of members or as a filter for members. Additional functionality is provided by generating the nsrole attribute on each role member.</p>
<p>The following types of roles are available:</p>
<ul>
<li><p><strong>Filtered roles</strong>
<br>Entries are members if they match a specified LDAP filter. In this way, the role depends upon the attributes that are contained in each entry. This role is equivalent to a dynamic group.</p></li>
<li><p><strong>Nested roles</strong>
<br>Create roles that contain other roles. This role is equivalent to a nested group.</p></li>
<li><p><strong>Managed roles</strong>
<br>Explicitly assigns a role to member entries. This role is equivalent to a static group.</p></li>
</ul></li>
</ul>
<p>Roles and groups are defined and administered similarly. Roles add one function: each member entry can carry a generated attribute that indicates its active roles. For example, an application can read the roles of an entry rather than select a group and browse the members list. This function simplifies administration.</p>
<p>To configure dynamic or nested group support for Sun ONE or iPlanet Directory Server, perform the following steps in the WebSphere administrative console:</p>
<ol>
<li><p>Expand <strong>Security</strong> --> <strong>User Registries</strong>, and click <strong>LDAP</strong>.</p></li>
<li><p>In the <strong>Type</strong> field, select <strong>Sun ONE</strong> for the LDAP server. Select the <strong>Ignore Case</strong> option. Click <strong>OK</strong>.</p></li>
<li><p>Under <strong>Additional Properties</strong>, click <strong>Advanced LDAP Settings</strong>.</p></li>
|
<pre>(&amp;(cn=%v)(objectclass=ldapsubentry))</pre></li>
<li><p>On the Advanced LDAP Settings panel, change the value in the <strong>Group Member ID Map</strong> field to the following value:</p>
<pre>nsRole:nsRole</pre></li>
<li><p>Click <strong>OK</strong>.</p></li>
</ol>
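<p>The following Python sketch is an added example, not part of the original page or of WebSphere: it models how the Group Filter and Group Member ID Map values above resolve a role membership, and why a name substituted for %v should be escaped. The sample entries and DNs are constructed, the function names are hypothetical, and the case-insensitive DN comparison is a simplifying assumption.</p>

```python
GROUP_FILTER = "(&(cn=%v)(objectclass=ldapsubentry))"  # Group Filter value from the steps above
MEMBER_ATTR = "nsRole"  # user-entry attribute named by the nsRole:nsRole map

# Constructed sample directory (hypothetical DNs). The nsRole values stand in for
# what the directory server generates for a member of a filtered and a nested role.
DIRECTORY = {
    "cn=SalesRole,ou=people,dc=example,dc=com": {
        "cn": ["SalesRole"], "objectclass": ["top", "ldapsubentry", "nsRoleDefinition"]},
    "cn=AllStaff,ou=people,dc=example,dc=com": {
        "cn": ["AllStaff"], "objectclass": ["top", "ldapsubentry", "nsRoleDefinition"]},
    "cn=SalesRole,ou=groups,dc=example,dc=com": {  # ordinary group with the same cn
        "cn": ["SalesRole"], "objectclass": ["top", "groupOfUniqueNames"]},
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "cn": ["J Doe"], "objectclass": ["top", "inetOrgPerson"],
        "nsRole": ["cn=salesrole,ou=people,dc=example,dc=com",
                   "cn=allstaff,ou=people,dc=example,dc=com"]},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a name stays a literal in the filter."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_group_filter(name):
    """Substitute the group (role) name for %v in the configured filter."""
    return GROUP_FILTER.replace("%v", escape_filter_value(name))

def find_roles(name):
    """Apply the filter's two AND-ed conditions to the sample entries."""
    return [dn for dn, entry in DIRECTORY.items()
            if name.lower() in (v.lower() for v in entry["cn"])
            and "ldapsubentry" in (v.lower() for v in entry["objectclass"])]

def is_member(user_dn, role_name):
    """True if the user's nsRole lists a role entry matched by the filter."""
    held = {v.lower() for v in DIRECTORY[user_dn].get(MEMBER_ATTR, [])}
    return any(dn.lower() in held for dn in find_roles(role_name))
```

<p>Because the filter requires objectclass=ldapsubentry, the ordinary group that shares the cn SalesRole is not matched; only role entries are.</p>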
</body>
</html>