Manualshelf

LDAP-UX Client Services B.04.15 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
71727374757677787980
4.3 Specifying a Search Filter for a Dynamic Group
Instead of using memberURL and groupofurls to specify dynamic groups, HP OpenView
Select Access and HP-UX Select Access for IdMI define the following new attributes and objectclass
to support dynamic groups: .
nxRole attribute
nxSearchBaseDn attribute
nxSearchFilter attribute
nxSearchScope attribute
nxRoleEntry objectclass
4.3.1 Creating an HP-UX POSIX Dynamic Group
Each dynamic group is configured with a search DN, search scope and search filter. LDAP-UX
can support dynamic groups created by HP OpenView Select Access and HP-UX Select Access
for IdMI if they are POSIX dynamic groups. Use the following procedures to create an HP-UX
POSIX dynamic group:
1. Use the Select Access Policy Builder to create a dynamic group. See the “Step 1: Creating a
Dynamic Group” section for details.
2. Add the posixgroup objectclass, gidNumber and cn attribute information to the dynamic
group entry created in step 1. See the “Step 2: Adding POSIX Attributes to a Dynamic Group”
for details.
4.3.1.1 Step 1: Creating a Dynamic Group
You can use the Select Access Policy Builder to create dynamic groups. For detailed information
on how to use the Select Access Policy Builder to create a dynamic group, refer to the Select Access
Policy Builder Guide. The Select Access Policy Builder Guide can be found in the /opt/OV/
SelectAccess/docs directory after you install the HP-UX Select Access for IdMI product,
SelectAccessIdMI.
The HP-UX Select Access for IdMI product can be downloaded from the following web site:
http://www.hp.com/go/softwaredepot
The following shows an example of a dynamic group entry:
dn: nxRole=Austine
Managers,ou=groups,ou=Managing,dc=Example,dc=hp,dc=com objectClass:
nxRoleEntry objectClass: top nxSearchScope: sub nxSearchBaseDn: ou=Managing,dc=Example,dc=hp,dc=com
nxRole: Austine Managers nxSearchFilter: (l=Austine)
4.3.1.2 Step 2: Adding POSIX Attributes to a Dynamic Group
To create an HP-UX POSIX dynamic group, you can use the Directory Server Console or the
ldapmodify tool to add information for the posixgroup objectclass, the gidNumber and cn
attributes to the dynamic group entry created from Select Access Policy Builder. For more
information on how to add attribute information to the dynamic group using ldapmodify, see
the “Procedures” section in “Adding Attributes to a Dynamic Group Using ldapmodify ”
(page 74).
4.3.1.2.1 Examples
The following shows an example of an HP-UX POSIX dynamic group entry with posixgroup,
gidNumber and cn information added:
dn: nxRole=Austine Managers,ou=groups,ou=Managing,dc=Example,dc=hp,dc=com
objectClass: nxRoleEntry
objectClass: posixgroup
objectClass: top
4.3 Specifying a Search Filter for a Dynamic Group 77