1. Open a text editor, and then create a group entry in LDIF. The entry contains the groupOfUniqueNames object class, but in place of the uniquemember attribute is the ds-target-group-dn virtual attribute, which is part of the ds-virtual-static-group auxiliary object class. When done, save the file as add-virtual-static-group.ldif.
    dn: cn=virtualstatic,ou=groups,dc=example,dc=com
    objectclass: top
    objectclass: groupOfUniqueNames
    objectclass: ds-virtual-static-group
    ou: groups
    cn: virtual static
    ds-target-group-dn: cn=eng-staff,ou=groups,dc=example,dc=com
  2. Use ldapmodify to add the virtual static group entry to the server.
    $ bin/ldapmodify -h server1.example.com -p 389 -D "uid=admin,dc=example,dc=com" \
      -w password -a -f add-virtual-static-group.ldif
  3. Use dsconfig to enable the Virtual Static uniqueMember attribute, which is disabled by default.
    $ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static uniqueMember" \
      --set enabled:true
  4. In the previous section, we set up uid=user.0 to be part of the cn=eng-staff dynamic group. Use ldapsearch with the isMemberOf virtual attribute to determine if uid=user.0 is part of the virtual static group.
    $ bin/ldapsearch -h server1.example.com -p 389 -D "cn=Directory Manager" \
      -w secret -b "dc=example,dc=com" "(uid=user.0)" isMemberOf
    dn: uid=user.0,ou=People,dc=example,dc=com 
    isMemberOf: cn=virtualstatic,ou=groups,dc=example,dc=com 
    isMemberOf: cn=eng-staff,ou=groups,dc=example,dc=com
  5. Use ldapsearch to determine if uid=user.0 is a member of the virtual static group. You should see the returned cn=virtualstatic entry if successful.
    $ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password \
      -b "cn=virtualStatic,ou=Groups,dc=example,dc=com" \
      "(&(objectclass=groupOfUniqueNames)(uniquemember=uid=user.0,ou=People,dc=example,dc=com))"
  6. Next, try searching for a user that is not part of the cn=eng-staff dynamic group (e.g., uid=user.20). Nothing will be returned.
    $ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password \
      -b "cn=virtualStatic,ou=Groups,dc=example,dc=com" \
      "(&(objectclass=groupOfUniqueNames)(uniquemember=uid=user.20,ou=People,dc=example,dc=com))"
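
The isMemberOf check from steps 4 to 6, applied to many users at once, as an added example that is not part of the original documentation: the function reads ldapsearch LDIF output and prints every entry whose membership in the target group and in the virtual static group disagree. The sample entries (including uid=user.7) are constructed, and the script assumes values are not base64-encoded and that DNs differ only in letter case.

```shell
#!/bin/sh
# Added example, not from the original documentation.
# Usage against a live server (the "(uid=*)" filter is an assumed choice):
#   bin/ldapsearch -h server1.example.com -p 389 -D "cn=Directory Manager" \
#     -w secret -b "dc=example,dc=com" "(uid=*)" isMemberOf |
#     check_mirror "cn=eng-staff,ou=groups,dc=example,dc=com" \
#                  "cn=virtualstatic,ou=groups,dc=example,dc=com"

# check_mirror TARGET_GROUP_DN VIRTUAL_STATIC_GROUP_DN  (LDIF on stdin)
# Prints the DN of each entry that is in exactly one of the two groups.
# Exit status is 1 if any such entry was found, 0 otherwise.
check_mirror() {
  TARGET_DN="$1" VSG_DN="$2" awk '
    function norm(s) { gsub(/[ \t\r]+$/, "", s); return tolower(s) }
    function emit() {                      # end of one entry: compare flags
      if (dn != "" && has_t != has_v) { print dn; bad = 1 }
      dn = ""; has_t = 0; has_v = 0
    }
    function handle(l,   i, name, val) {   # one unfolded "name: value" line
      i = index(l, ":"); if (i == 0) return
      name = tolower(substr(l, 1, i - 1)); val = substr(l, i + 1)
      sub(/^[ \t]+/, "", val)
      if (name == "dn") dn = val
      else if (name == "ismemberof") {
        if (norm(val) == t) has_t = 1
        if (norm(val) == v) has_v = 1
      }
    }
    BEGIN { t = norm(ENVIRON["TARGET_DN"]); v = norm(ENVIRON["VSG_DN"]); bad = 0 }
    /^ / { line = line substr($0, 2); next }   # LDIF folded continuation line
    { if (line != "") handle(line); line = $0
      if ($0 == "") emit() }                   # blank line ends the entry
    END { if (line != "") handle(line); emit(); exit bad }
  '
}

# Constructed sample output: user.0 is in both groups (one value is folded),
# user.20 is in neither, user.7 is only in the target group (a mismatch).
sample_ldif() {
  printf '%s\n' \
    'dn: uid=user.0,ou=People,dc=example,dc=com' \
    'isMemberOf: cn=virtualstatic,ou=groups,' \
    ' dc=example,dc=com' \
    'isMemberOf: cn=eng-staff,ou=groups,dc=example,dc=com' \
    '' \
    'dn: uid=user.20,ou=People,dc=example,dc=com' \
    '' \
    'dn: uid=user.7,ou=People,dc=example,dc=com' \
    'isMemberOf: cn=eng-staff,ou=groups,dc=example,dc=com'
}
```

A non-empty result means an application that reads uniquemember from the virtual static group would see different membership than one that evaluates the target group directly.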