LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

For detailed information on how to use the Directory Server Console to modify a group, see the
HP-UX Directory Server administrator guide available at:
http://www.hp.com/go/hpux-security-docs
Click HP-UX Directory Server.
The following shows an example of an HP-UX POSIX static group entry:
dn: cn=all,ou=groups,dc=example,dc=hp,dc=com
objectClass: groupofuniquenames
objectClass: groupofnames
objectClass: posixgroup
objectClass: top
cn: all
gidNumber: 1000
memberuid: user1
After you add information for groupofurls and memberURL to the preceding HP-UX POSIX
static group entry, the HP-UX POSIX dynamic group entry is as follows:
dn: cn=all,ou=groups,dc=example,dc=hp,dc=com
objectClass: groupofuniquenames
objectClass: groupofnames
objectClass: groupofurls
objectClass: posixgroup
objectClass: top
cn: all
memberURL: ldap:///dc=example,dc=hp,dc=com??sub?(l=California)
gidNumber: 1000
memberuid: user1
Now, the group “all” contains both a static group member (user1) and dynamic members (all user
entries that can be retrieved from the tree of dc=example,dc=hp,dc=com and that have the
attribute value l=California).
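The following added example (not part of the HP guide or of LDAP-UX itself) computes the effective membership of the group "all" shown above by combining its memberuid values with the entries selected by its memberURL. The user entries are constructed samples, the function names are hypothetical, and only a single equality filter of the form (attr=value) is evaluated.

```python
import re
from urllib.parse import urlsplit, unquote

# Group entry from the guide; the user entries below are constructed samples.
GROUP = {"cn": "all", "memberuid": ["user1"],
         "memberURL": ["ldap:///dc=example,dc=hp,dc=com??sub?(l=California)"]}
USERS = {
    "uid=user1,ou=people,dc=example,dc=hp,dc=com": {"uid": "user1", "l": "Texas"},
    "uid=user2,ou=people,dc=example,dc=hp,dc=com": {"uid": "user2", "l": "California"},
    "uid=user3,ou=people,dc=example,dc=hp,dc=com": {"uid": "user3", "l": "california"},
    "uid=user4,ou=people,dc=other,dc=com": {"uid": "user4", "l": "California"},
}

def parse_member_url(url):
    """Split ldap://host/base?attrs?scope?filter (RFC 4516) into base, scope, filter."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldap":
        raise ValueError("memberURL must be an ldap:// URL")
    _attrs, scope, flt = (unquote(f) for f in (parts.query.split("?") + ["", "", ""])[:3])
    # RFC 4516 defaults: scope "base", filter "(objectClass=*)"
    return unquote(parts.path.lstrip("/")), scope or "base", flt or "(objectClass=*)"

def parse_equality(flt):
    """Handle only a single (attr=value) assertion; refuse anything else."""
    m = re.fullmatch(r"\(([A-Za-z][\w;-]*)=([^()*]+)\)", flt)
    if not m:
        raise ValueError("filter not handled by this example: " + flt)
    return m.group(1).lower(), m.group(2)

def in_scope(dn, base, scope):
    """Simplified DN comparison: case-folded, ignores escaped commas in RDNs."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    return scope == "sub" or "," not in dn[: -len(base) - 1]  # "one": children only

def effective_members(group, users):
    """Union of static memberuid values and entries matched by each memberURL."""
    members = set(group.get("memberuid", []))
    for url in group.get("memberURL", []):
        base, scope, flt = parse_member_url(url)
        attr, value = parse_equality(flt)
        for dn, entry in users.items():
            # l (localityName) uses caseIgnoreMatch, so compare case-insensitively
            if in_scope(dn, base, scope) and entry.get(attr, "").lower() == value.lower():
                members.add(entry["uid"])
    return sorted(members)

if __name__ == "__main__":
    print(effective_members(GROUP, USERS))
```

Because dynamic membership follows the filter, any identity that can modify the l attribute of a user entry under the search base can change who belongs to the group. Review write access to every attribute referenced by a memberURL as carefully as write access to the group entry itself.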
6.2.4 Enabling dynamic group support
To enable dynamic group support, you must run the setup program to remap the default group
attribute memberuid to the dynamic group attribute memberURL (in an HP directory server
environment) or msDS-AzLDAPQuery (in a Windows ADS environment). If the dynamic group
attribute is not mapped to memberUid, LDAP-UX will not process dynamic groups.
When running setup for an HP directory server environment, attribute mappings are done in step
10 of the Custom Configuration. For detailed information on how to remap the group attributes,
see Section 2.4.5.2 (page 72). When running setup for a Windows ADS environment, attribute
mappings are done in step 23 of Section 3.4.6.2 (page 139) in Section 3.4.6 (page 138).
Table 17 shows attribute mappings between the default group attribute and alternate group
attributes:
Table 17 Mappings between default and alternate group attributes

Static X.500 Group Attribute   Dynamic Group Attribute                        Default Group Attribute
member                         memberURL (HP directory server environment)    memberuid
                               msDS-AzLDAPQuery (Windows ADS environment)
If you want to perform group attribute mappings by using the Custom Configuration, ensure that
you do not accept the remaining default configuration parameters (when running setup for an HP
directory server environment, this is in step 4 of the Custom Configuration, Section 2.4.5.2
(page 72); for a Windows ADS environment, this is step 15 in Section 3.4.6.2 (page 139)).
6.2 Creating an HP-UX dynamic group 177