Static groups can be easier to interact with than dynamic groups, but large static groups can be expensive to manage and require a large amount of memory to hold in the internal group cache. The Directory Server provides a third type of group that makes it possible to get the efficiency and ease of management of a dynamic group while allowing clients to interact with it as a static group. A virtual static group is a type of group that references another group and provides access to the members of that group as if it was a static group.
ds-virtual-static-group. It should also include a ds-target-group-dn attribute, whose value is the group from which the virtual static group should obtain its members. For example, the following will create a virtual static group that exposes the members of the cn=Sales Group,ou=Groups,dc=example,dc=com dynamic group as if it were a static group:
dn: cn=Virtual Static Sales Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: ds-virtual-static-group cn: Virtual Static Sales Group ds-target-group-dn: cn=Sales Group,ou=Groups,dc=example,dc=com
memberattribute to be generated based on membership for the target group. A configuration object for this virtual attribute does exist in the server configuration, but is disabled by default. To enable it, issue the following change:
$ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static member" \ --set enabled:true
If you want to use virtual static groups with the groupOfUniqueNames
object class, then you will also need to enable the
uniqueMember virtual attribute in the same way.