A static group defines each member individually using the structural objectclass groupOfNames, groupOfUniqueNames, accessGroup, or accessRole; or the auxiliary objectclass ibm-staticgroup. A static group using the groupOfNames or groupOfUniqueNames structural objectclasses must have at least one member. A group using the accessGroup or accessRole structural objectclasses can be empty. A static group can also be defined using the auxiliary objectclass: ibm-staticGroup, which does not require the member attribute, and therefore can be empty.
A typical group entry is:
DN: cn=Dev.Staff,ou=Austin,c=US objectclass: accessGroup cn: Dev.Staff member: cn=John Doe,o=IBM,c=US member: cn=Jane Smith,o=IBM,c=US member: cn=James Smith,o=IBM,c=US
Each group object contains a multivalued attribute consisting of member DNs.
Upon deletion of an access group, the access group is also deleted from all ACLs to which it has been applied.