Directory Server (LDAP) - Group attribute types

Group attribute types

ibm-allGroups

Shows all groups to which an entry belongs. An entry can be a member directly by the member, uniqueMember, or memberURL attributes, or indirectly by the ibm-memberGroup attribute. This Read-only operational attribute is not allowed in a search filter. The ibm-allGroups attribute can be used in a compare request to determine if an entry is a member of given group. For example, to determine if "cn=john smith,cn=users,o=my company" is a member of the group "cn=system administrators, o=my company":

rc = ldap_compare_s(ld, "cn=john smith,cn=users,o=my company, "ibm-allgroups",
				"cn=system administrators,o=my company");

ibm-allMembers

Shows all members of a group. An entry can be a member directly by the member, uniqueMember, or memberURL attributes, or indirectly by the ibm-memberGroup attribute. This Read-only operational attribute is not allowed in a search filter. The ibm-allMembers attribute can be used in a compare request to determine if a DN is a member of given group. For example, to determine if "cn=john smith,cn=users,o=my company" is a member of the group "cn=system administrators, o=my company":

rc = ldap_compare_s(ld, "cn=system administrators,o=my company, "ibm-allmembers",
				"cn=john smith,cn=users,o=my company");

ibm-group

Is an attribute taken by the auxiliary class ibm-dynamicMember. Use it to define arbitrary values to control membership of the entry in dynamic groups. For example, add the value "Bowling Team" to include the entry in any memberURL that has the filter "ibm-group=Bowling Team".

ibm-memberGroup

Is an attribute taken by the auxiliary class ibm-nestedGroup. It identifies sub-groups of a parent group entry. Members of all such sub-groups are considered members of the parent group when processing ACLs or the ibm-allMembers and ibm-allGroups operational attributes. The sub-group entries themselves are not members. Nested membership is recursive.

member

Identifies the distinguished names for each member of the group. For example: member: cn=John Smith, dc=ibm, dc=com.

memberURL

Identifies a URL associated with each member of a group. Any type of labeled URL can be used. For example: memberURL: ldap:///cn=jsmith,dc=ibm,dc=com.

uniquemember

Identifies a group of names associated with an entry where each name was given a uniqueIdentifier to ensure its uniqueness. A value for the uniqueMember attribute is a DN followed by the uniqueIdentifier. For example: uniqueMember: cn=John Smith, dc=ibm, dc=com 17.