Static groups can be easier to interact with than dynamic groups, but large static groups can be expensive to manage and require a large amount of memory to hold in the internal group cache. The Directory Server provides a third type of group that makes it possible to get the efficiency and ease of management of a dynamic group while allowing clients to interact with it as a static group. A virtual static group is a type of group that references another group and provides access to the members of that group as if it was a static group.
ds-virtual-static-group
. It should also include a
ds-target-group-dn attribute, whose value is the group from which the
virtual static group should obtain its members. For example, the following will create a
virtual static group that exposes the members of the cn=Sales
Group,ou=Groups,dc=example,dc=com dynamic group as if it were a static
group:dn: cn=Virtual Static Sales Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: ds-virtual-static-group cn: Virtual Static Sales Group ds-target-group-dn: cn=Sales Group,ou=Groups,dc=example,dc=com
member
attribute to be generated based on membership for the target group. A configuration object for
this virtual attribute does exist in the server configuration, but is disabled by default. To
enable it, issue the following
change:$ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static member" \ --set enabled:true
If you want to use virtual static groups with the groupOfUniqueNames
object class, then you will also need to enable the Virtual Static
uniqueMember
virtual attribute in the same way.