LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

name: uid

uid number: uidnumber

.....

Search Descriptor

search[0]: dc=example,dc=hp,dc=com?sub?

(objectclass=posixaccount)

The sample group entry is:

dn: cn=mygroup,ou=Groups,dc=example,dc=hp,dc=com

objectClass: groupofnames

objectClass: groupofuniquenames

objectClass: posixgroup

objectClass: groupofurls

objectClass: top

cn: mygroup

gidNumber: 100

memberUid: user1

member: uid=user2,ou=people,dc=example,dc=hp,dc=com

uniqueMember: uid=user3,ou=people,dc=example,dc=hp,dc=com

memberURL: ldap:///dc=example,dc=hp,dc=com??sub?(uid=p*)

When processing memberURL to retrieve dynamic members, LDAP-UX combines

(objectclass=posixaccount) from passwd configuration with (uid=p*) as the search

filter to search the tree of "dc=example,dc=hp,dc=com".

With the above attribute mappings, LDAP-UX will return user1, user2, user3 and all users

starting with "p" as group members.

Group Attribute Mappings

To enable the dynamic group feature support, you must run the setup program to remap the

default group attribute, memberuid, to the dynamic group attribute, memberURL and/or

nxSearchFilter. If neither memberURL nor nxSearchFilter is mapped to memberUid,

LDAP-UX will not process dynamic groups.

The attribute mappings are done in step 11 of the Custom Configuration. For detailed information

on how to remap the group attributes, see “Custom Configuration” (page 38).

Table 4–1shows attribute mappings between the default group attribute and alternate group

attributes:

Table 4-1 Attribute Mappings

Static X.500 Group AttributeDynamic Group AttributeDefault Group Attribute

member or uniquemembermemberURL or nxSearchFiltermemberuid

If you want to perform group attribute mappings by using the Custom Configuration, ensure

that you do not accept the remaining default configuration parameters in step 5 of the Custom

Configuration.

Multiple Group Attribute Mappings 83