Directory Server provides three types of groups: static, dynamic, and virtual static groups.
A description of each group type follows:
- Static groups
- A static group is an entry that contains an explicit list of member or uniquemember attributes, depending on its structural object class. Static groups are ideal for small, infrequently changing sets of elements. As the membership list grows, static groups become more difficult to manage because any change to a member's base distinguished name (DN) must also be made in the group. Static groups use one of three structural object classes:
Directory Server also supports nested groups, in which a parent group entry contains child attributes whose DNs reference another group. Nested groups are a flexible means to organize entries that provide inherited group membership and privileges. To maintain good performance throughput, a group cache is enabled by default. The cache supports static group nesting that includes other static, virtual static, and dynamic groups.
- Dynamic groups
- A dynamic group has its membership list determined by search criteria using an LDAP URL. Dynamic groups solve the scalability issues for static groups because searches are efficient, constant-time operations. However, searches that range over a large set of data might affect performance.
- Virtual static groups
- A virtual static group is a combination of both static and dynamic groups, in which each member in a group is a virtual attribute that is dynamically generated when invoked. Virtual static groups solve the scalability issues for clients that can only support static groups and are best used when the application targets a search operation for a specific member. Avoid using virtual static groups for applications that need to retrieve the entire membership list because the process for constructing the entire membership list can be expensive.
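
The following is an added example, not taken from the original documentation or the product's code: a small Python model of how the three group types and nesting resolve to effective membership, which is the question to answer when auditing who inherits a group's privileges. The sample directory, the helper names, and the restriction to `sub` scope with a single, case-sensitive equality filter are assumptions.

```python
# Constructed sample directory (DN -> attributes); DNs are kept lowercase so
# plain string comparison works. All entries and values are illustrative.
PEOPLE = "ou=people,dc=example,dc=com"
GROUPS = "ou=groups,dc=example,dc=com"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"l": ["Austin"]},
    f"uid=bob,{PEOPLE}": {"l": ["Denver"]},
    f"uid=carol,{PEOPLE}": {"l": ["Austin"]},
    f"uid=dave,{PEOPLE}": {"l": ["Denver"]},
    # Static group: explicit DNs, one of which is a nested (dynamic) group.
    f"cn=admins,{GROUPS}": {"uniqueMember": [f"uid=bob,{PEOPLE}", f"cn=austin,{GROUPS}"]},
    # Dynamic group: membership is whatever the LDAP URL's search matches.
    f"cn=austin,{GROUPS}": {"memberURL": [f"ldap:///{PEOPLE}??sub?(l=Austin)"]},
    # Virtual static group: presents the dynamic group's members as static ones.
    f"cn=austin-static,{GROUPS}": {"ds-target-group-dn": [f"cn=austin,{GROUPS}"]},
}
GROUP_ATTRS = ("uniqueMember", "member", "memberURL", "ds-target-group-dn")

def is_group(entry):
    return any(attr in entry for attr in GROUP_ATTRS)

def matches_url(url, dn, entry):
    """Evaluate ldap:///base??sub?(attr=value); other scopes/filters are rejected."""
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?")
    if scope != "sub" or not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError(f"unsupported memberURL: {url}")
    attr, value = flt[1:-1].split("=", 1)
    return (dn == base or dn.endswith("," + base)) and value in entry.get(attr, [])

def is_member(directory, group_dn, user_dn, seen=None):
    """Targeted membership test, following nesting and guarding against loops."""
    seen = set() if seen is None else seen
    if group_dn in seen:
        return False
    seen.add(group_dn)
    group = directory[group_dn]
    if any(is_member(directory, t, user_dn, seen) for t in group.get("ds-target-group-dn", [])):
        return True
    if any(matches_url(u, user_dn, directory[user_dn]) for u in group.get("memberURL", [])):
        return True
    for m in group.get("uniqueMember", []) + group.get("member", []):
        if m == user_dn or (is_group(directory.get(m, {})) and is_member(directory, m, user_dn, seen)):
            return True
    return False

def effective_members(directory, group_dn):
    """Full enumeration: one membership test per non-group entry (the costly path)."""
    return sorted(dn for dn, e in directory.items()
                  if not is_group(e) and is_member(directory, group_dn, dn))
```

In this model, `alice` and `carol` are effective members of `cn=admins` only through the nested dynamic group, so a review that reads just the static `uniqueMember` list would miss them.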