A static group contains an explicit membership list in which each member is represented as a value of a DN-valued attribute. The Directory Server supports three types of static groups:
  • groupOfNames. A static group that is defined with the groupOfNames structural object class and uses the member attribute to hold the DNs of its members. RFC 4519 requires the member attribute to be present in the entry. However, the Directory Server has relaxed this restriction by making the member attribute optional so that the last member in the group can be removed. The following entry depicts a group defined with the groupOfNames object class:
    dn: cn=Test Group,ou=Groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Test Group
    member: uid=user.1,ou=People,dc=example,dc=com
    member: uid=user.2,ou=People,dc=example,dc=com
    member: uid=user.3,ou=People,dc=example,dc=com
  • groupOfUniqueNames. A static group that is defined with the groupOfUniqueNames structural object class and uses the uniquemember attribute to hold the DNs of its members. RFC 4519 requires the uniquemember attribute to be present in the entry. However, the Directory Server has relaxed this restriction by making the uniquemember attribute optional so that the last member in the group can be removed. The following entry depicts a group defined with the groupOfUniqueNames object class:
    dn: cn=Test Group,ou=Groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: Test Group
    uniquemember: uid=user.1,ou=People,dc=example,dc=com
    uniquemember: uid=user.2,ou=People,dc=example,dc=com
    uniquemember: uid=user.3,ou=People,dc=example,dc=com
  • groupOfEntries. A static group that is defined with the groupOfEntries object class and uses the member attribute to hold the DNs of its members. This object class defines the member attribute as optional so that the last member can be removed from the group. Although the draft proposal (draft-findlay-ldap-groupofentries-00.txt) has expired, the Directory Server supports this implementation. The following entry depicts a group defined with the groupOfEntries object class:
    dn: cn=Test Group,ou=Groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfEntries
    cn: Test Group
    member: uid=user.1,ou=People,dc=example,dc=com
    member: uid=user.2,ou=People,dc=example,dc=com
    member: uid=user.3,ou=People,dc=example,dc=com
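
The following is an added example, not Directory Server code: a Python sketch that reads static group entries from LDIF, selects the membership attribute by object class, and treats a group with no membership attribute as empty, as the relaxed schema allows. The function names, the sample LDIF, and the simplified DN comparison (lowercasing and trimming spaces around "," and "=") are assumptions; folded and base64-encoded LDIF lines are not handled.

```python
import re

# Membership attribute used by each static group object class (from the text above).
MEMBER_ATTR = {
    "groupofnames": "member",
    "groupofuniquenames": "uniquemember",
    "groupofentries": "member",
}

# Constructed sample: one populated group and one whose last member was removed.
SAMPLE_LDIF = """\
dn: cn=Test Group,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Test Group
uniquemember: uid=user.1,ou=People,dc=example,dc=com
uniquemember: uid=user.2,ou=People,dc=example,dc=com

dn: cn=Empty Group,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: Empty Group
"""

def norm_dn(dn):
    """Simplified DN comparison key (assumption): lowercase, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_static_groups(ldif):
    """Return {group DN: (object class, [member DNs])} for static group entries."""
    groups = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        for oc in attrs.get("objectclass", []):
            attr = MEMBER_ATTR.get(oc.lower())
            if attr:  # a missing membership attribute means an empty group
                groups[attrs["dn"][0]] = (oc, attrs.get(attr, []))
    return groups

def is_member(groups, group_dn, user_dn):
    """True if user_dn is listed in the static group identified by group_dn."""
    wanted = norm_dn(user_dn)
    for dn, (_, members) in groups.items():
        if norm_dn(dn) == norm_dn(group_dn):
            return any(norm_dn(m) == wanted for m in members)
    return False
```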