Using virtual static groups
Virtual static groups make it possible to get the efficiency and ease of management of a dynamic group while allowing clients to interact with them as a static group.
About this task
Static groups can be easier to interact with than dynamic groups, but large static groups can be expensive to manage and require a large amount of memory to hold in the internal group cache. The PingDirectory server provides a third type of group: a virtual static group, which references another group and provides access to the members of that group as if it was a static group.
Steps
-
To create a virtual static group, create an entry that has a structural object class of either
groupOfNamesorgroupOfUniqueNamesand an auxiliary class ofds-virtual-static-group.It should include a
ds-target-group-dnattribute, whose value is the group from which the virtual static group should obtain its members.You must also enable a virtual attribute that allows the
memberattribute to be generated based on membership for the target group.Example:
This example creates a virtual static group that exposes the members of the
cn=Sales Group,ou=Groups,dc=example,dc=comdynamic group as if it were a static group.dn: cn=Virtual Static Sales Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: ds-virtual-static-group cn: Virtual Static Sales Group ds-target-group-dn: cn=Sales Group,ou=Groups,dc=example,dc=com
-
To enable a configuration object for the virtual static member attribute, use the
set-virtual-attribute-propoption withdsconfig.Example:
$ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static member" \ --set enabled:trueA configuration object for this virtual attribute is in the server configuration but is disabled by default.
If you want to use virtual static groups with the
groupOfUniqueNamesobject class, enable theVirtual Static uniqueMembervirtual attribute in the same way.