Virtual static groups make it possible to get the efficiency and ease of management of a dynamic group while allowing clients to interact with them as a static group.
Static groups can be easier to interact with than dynamic groups, but large static groups can be expensive to manage and require a large amount of memory to hold in the internal group cache. Directory Server provides a third type of group: a virtual static group, which references another group and provides access to the members of that group as if it was a static group.
To create a virtual static group, create an entry that has a structural object class of
groupOfUniqueNamesand an auxiliary class of
It should include a
ds-target-group-dnattribute, whose value is the group from which the virtual static group should obtain its members.
You must also enable a virtual attribute that allows the
memberattribute to be generated based on membership for the target group.
This example creates a virtual static group that exposes the members of the
cn=Sales Group,ou=Groups,dc=example,dc=comdynamic group as if it were a static group.
dn: cn=Virtual Static Sales Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfNames objectClass: ds-virtual-static-group cn: Virtual Static Sales Group ds-target-group-dn: cn=Sales Group,ou=Groups,dc=example,dc=com
To enable a configuration object for the virtual static member attribute, use the
set-virtual-attribute-prop option with
$ bin/dsconfig set-virtual-attribute-prop --name "Virtual Static member" \ --set enabled:trueNote:
A configuration object for this virtual attribute is in the server configuration but is disabled by default.
If you want to use virtual static groups with the
groupOfUniqueNamesobject class, enable the
Virtual Static uniqueMembervirtual attribute in the same way.