User Guide

Table 3 Group Configuration Screen

Label

Description

Group RDN The Relative DN of the group. Each component of a DN is called an RDN and represents a branch

in the directory tree. This value, which is relative to the Base DN, is used as the group URL.

Specify a Group RDN that identifies the lowest user directory node where all the groups that you

plan to provision are available.

The Group RDN has a significant impact on login and search performance. Because it is the starting

point for all group searches, you must identify the lowest possible node within which all groups for

Hyperion products are available. To ensure optimum performance, the number of groups present

within the Group RDN should not exceed 10,000. If more groups are present, use an appropriate

group filter to retrieve only the groups you want to provision.

Note: Shared Services displays a warning if the number of available groups within the Group URL

exceeds 10,000.

See “Using Special Characters” on page 61 for restrictions on the use of special characters.

Example:

ou=Groups

Group Filter An LDAP query that retrieves only the groups that are to be provisioned with Hyperion product roles.

For example, the LDAP query

(cn=Hyp*) retrieves only groups whose names start with the prefix

Hyp.

The group filter is used to limit the number of groups returned during a query. Group filters are

especially important if the node identified by the Group RDN contains groups that need not be

provisioned. Filters can be designed to exclude the groups that are not to be provisioned, thereby

improving performance.

Name Attribute The attribute that stores the name of the group.

Example:

Object class Object classes of the group (the mandatory and optional attributes that can be associated with the

group). Shared Services uses the object classes listed in this screen in the search filter. Using these

object classes, Shared Services should find all the groups associated with the user.

You can manually add additional object classes if needed. To add an object class, type the object

class name into the Object class text box and click Add.

To delete object classes, select the object class and click Remove.

Example:

groupofuniquenames?uniquemember

12 Click Finish.

Shared Services saves the configuration and returns to the Defined User Directories screen, which

now lists the user directory that you configured.

13 Test the configuration. See “Testing User Directory Connections” on page 53.

14 Add the user directory to the search order used by Shared Services. See “Adding a User Directory to the

Search Order” on page 55 for details.

15 Specify global parameters if needed. See “Setting Global Parameters” on page 57 for details.

Configuring an SAP Provider

Before starting these procedures, meet all prerequisites in “Prerequisites” on page 23.

Configuring User Directories