5.4. Using Groups
Groups are a mechanism for associating entries for ease of administration. This mechanism was provided with previous versions of Directory Server and should be used primarily for compatibility with older versions of the server.
Static groups organize entries by specifying the same group value in the DN attribute of any number of users. This section includes the following procedures for creating and modifying static groups:
If a user has an entry on a remote Directory Server (for example, in a chained database), different from the Directory Server which has the entry that defines the static group, then use the Referential Integrity plug-in to ensure that deleted user entries are automatically deleted from the static group, but there are some performance and access control considerations. For more information about using referential integrity with chaining, refer to Section 3.3.1, “Configuring the Chaining Policy”.
In the Directory Server Console, select the Directory tab.
In the left pane, right-click the entry under which to add a new group, and select New > Group.
Alternatively, go to the Object menu and select New > Group.
Click General in the left pane. Type a name for the new group in the Group Name field.
The group name is required.
Enter a description of the new group in the Description field.
Click Members in the left pane. In the right pane, select the Static Group tab. Click Add to add new members to the group.
The standard Search users and groups dialog box appears.
In the Search drop-down list, select what sort of entries to search for (users, groups, or both) then click Search. Select one of the entries returned, and click OK.
Click Languages in the left pane to add language-specific information for the group.
Click OK to create the new group. It appears in the right pane.
In the Directory Server Console, select the Directory tab.
The directory contents appear in the left pane.
Double-click the entry to modify, or select Open from the Object menu.
The Edit Group dialog box appears.
Click OK. To view the changes, go to the View menu, and select Refresh.
The Console for managing static groups may not display all possible selections during a search operation if there is no VLV index for users' search. This problem occurs only when the number of users is 1000 or more and there is no VLV index for search. To work around the problem, create a VLV index for the users suffix with the filter (objectclass=person) and scope sub-tree.
Dynamic groups filter users based on their DN and include them in a single group. This section contains the following procedures for creating and modifying dynamic groups:
Follow the steps of Section 5.4.1.1, “Adding a New Static Group”.
Click Members in the left pane. In the right pane, select the Dynamic Group tab. Click Add to create a LDAP URL for querying the database.
The standard Construct and Test LDAP URL dialog box opens.
Enter an LDAP URL in the text field or select Construct to be guided through the construction of an LDAP URL.
Click Languages in the left pane to add language-specific information for the group.
Click OK. The new group appears in the right pane.
In the Directory Server Console, select the Directory tab.
The directory contents appear in the left pane.
Double-click the entry to modify, or select Properties from the Object menu.
The Edit Group dialog box appears.
Make any changes to the group information. Click OK.
To view the changes, go to the View menu, and select Refresh.
The Console for managing dynamic groups may not display all possible selections during a search operation if there is no VLV index for users' search. This problem can occur when the number of users is 1000 or more and there is no VLV index for search. To work around the problem, create a VLV index for the users suffix with the filter (objectclass=person) and scope sub-tree.