Page created: 6 Nov 2019
Page updated: 25 Mar 2020
Product: PingDirectory 8.0 (product documentation)
-
Open a text editor, and then create a group entry in LDIF. The entry contains the groupOfUniqueNames object class, but in place of the uniquemember attribute is the ds-target-group-dn virtual attribute, which is part of the ds-virtual-static-group auxiliary object class. When done, save the file as add-virtual-static-group.ldif.

dn: cn=virtualstatic,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: ds-virtual-static-group
ou: groups
cn: virtual static
ds-target-group-dn: cn=eng-staff,ou=groups,dc=example,dc=com

-
Use ldapmodify to add the virtual static group entry to the server.

$ bin/ldapmodify -h server1.example.com -p 389 -D "uid=admin,dc=example,dc=com" \
  -w password -a -f add-virtual-static-group.ldif

-
Use dsconfig to enable the Virtual Static uniqueMember attribute, which is disabled by default.

$ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static uniqueMember" \
  --set enabled:true

-
In the previous section, we set up uid=user.0 to be part of the cn=eng-staff dynamic group. Use ldapsearch with the isMemberOf virtual attribute to determine if uid=user.0 is part of the virtual static group.

$ bin/ldapsearch -h server1.example.com -p 389 -D "cn=Directory Manager" \
  -w secret -b "dc=example,dc=com" "(uid=user.0)" isMemberOf

dn: uid=user.0,ou=People,dc=example,dc=com
isMemberOf: cn=virtualstatic,ou=groups,dc=example,dc=com
isMemberOf: cn=eng-staff,ou=groups,dc=example,dc=com

-
Use ldapsearch to determine if uid=user.0 is a member of the virtual static group. You should see the returned cn=virtualstatic entry if successful.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password \
  -b "cn=virtualStatic,ou=Groups,dc=example,dc=com" \
  "(&(objectclass=groupOfUniqueNames)(uniquemember=uid=user.0,ou=People,dc=example,dc=com))"

-
Next, try searching for a user that is not part of the cn=eng-staff dynamic group (e.g., uid=user.20). Nothing will be returned.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password \
  -b "cn=virtualStatic,ou=Groups,dc=example,dc=com" \
  "(&(objectclass=groupOfUniqueNames)(uniquemember=uid=user.20,ou=People,dc=example,dc=com))"
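
A pre-flight check for the LDIF from step 1, as an added example that is not part of the product documentation: it reports virtual static group entries that lack a single ds-target-group-dn, still carry explicit member values, or point at themselves. The function names, the sample entries, and the single-target and self-reference rules are assumptions made for this example.

```python
# Added example: lint virtual static group entries before running ldapmodify.
# Constructed sample: entry 1 is the one from step 1, entry 2 is deliberately wrong.
SAMPLE_LDIF = """\
dn: cn=virtualstatic,ou=groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: ds-virtual-static-group
ou: groups
cn: virtual static
ds-target-group-dn: cn=eng-staff,ou=groups,dc=example,dc=com

dn: cn=broken,ou=groups,dc=example,dc=com
objectclass: groupOfUniqueNames
objectclass: ds-virtual-static-group
cn: broken
uniquemember: uid=user.20,ou=People,dc=example,dc=com
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [values]} (no base64 support)."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold lines, split entries
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#") and ":" in line:
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def lint_virtual_static_groups(text):
    """Return {dn: [problems]} for every ds-virtual-static-group entry."""
    report = {}
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "ds-virtual-static-group" not in classes:
            continue
        dn, targets = entry["dn"][0], entry.get("ds-target-group-dn", [])
        problems = []
        if len(targets) != 1:  # assumption: one target group per entry
            problems.append("expected one ds-target-group-dn, found %d" % len(targets))
        if "uniquemember" in entry or "member" in entry:
            problems.append("explicit member values present")
        if any(t.lower() == dn.lower() for t in targets):  # assumption: sanity rule
            problems.append("group targets itself")
        report[dn] = problems
    return report
```

Running `lint_virtual_static_groups(open("add-virtual-static-group.ldif").read())` before step 2 returns an empty problem list for a well-formed entry.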