The PingDirectory Server supports static LDAP groups with structural object classes of groupOfNames, groupOfUniqueNames, or groupOfEntries. In general, static groups may be imported without modification.

A FIFO entry cache can be enabled to cache group-to-user mappings, which improves performance when accessing very large entries, though at the expense of greater memory consumption. The PingDirectory Server provides an out-of-the-box FIFO entry cache object for this purpose. This object must be explicitly enabled using dsconfig as described in Using the Entry Cache to Improve the Performace of Large Static Groups.

To migrate static groups:

  1. Run the migrate-ldap-schema tool to enumerate any schema differences between the DSEE deployment and the Ping Identity deployment.
  2. Run the migrate-sun-ds-config tool to enumerate any configuration differences between the DSEE deployment and the Ping Identity deployment.
  3. Import or configure any necessary schema and/or configuration changes recorded by the above tools.
  4. Import the existing users and groups using the import-ldif tool.
  5. From the PingDirectory Server root directory, open the sun-ds-compatibility.dsconfig file in the docs folder using a text editor.
  6. Find the FIFO Entry Cache section and, after reading the accompanying comments, enable the corresponding dsconfig command by removing the comment character ("#").
    $ bin/dsconfig set-entry-cache-prop \
      --cache-name "Static Group Entry Cache" --set enabled:true
  7. To ensure that references to an entry are updated automatically when the entry is deleted or renamed, enable the Referential Integrity plugin.
    $ bin/dsconfig set-plugin-prop --plugin-name "Referential Integrity" --set enabled:true
    If this Directory Server is part of a replication topology, you should enable the Referential Integrity plugin for each replica.