Page created: 24 Jul 2019
|
Page updated: 6 Nov 2019
A static group contains an explicit membership list where each member is represented as a
DN-valued attribute. There are three types of static groups supported for use in the Directory Server:
-
groupOfNames. A static group that is defined with the
groupOfNames
structural object class and uses themember
attribute to hold the DNs of its members. RFC 4519 requires that themember
attribute be required in an entry. However, the Directory Server has relaxed this restriction by making themember
attribute optional so that the last member in the group can be removed. The following entry depicts a group defined with thegroupOfNames
object class:dn: cn=Test Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfNames cn: Test Group member: uid=user.1,ou=People,dc=example,dc=com member: uid=user.2,ou=People,dc=example,dc=com member: uid=user.3,ou=People,dc=example,dc=com
-
groupOfUniqueNames. A static group that is defined with the
groupOfUniqueNames
structural object class and uses theuniquemember
attribute to hold the DNs of its members. RFC 4519 requires that theuniquemember
attribute be required in an entry. However, the Directory Server has relaxed this restriction by making theuniquemember
attribute optional so that the last member in the group can be removed. The following entry depicts a group defined with thegroupOfUniqueNames
object class:dn: cn=Test Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: Test Group uniquemember: uid=user.1,ou=People,dc=example,dc=com uniquemember: uid=user.2,ou=People,dc=example,dc=com uniquemember: uid=user.3,ou=People,dc=example,dc=com
-
groupOfEntries. A static group that is defined with the
groupOfEntries
object class and uses themember
attribute to hold the DNs of its members. This group specifies that themember
attribute is optional to ensure that the last member can be removed from the group. Although the draft proposal (draft-findlay-ldap-groupofentries-00.txt) has expired, the Directory Server supports this implementation. The following entry depicts a group defined with thegroupOfEntries
object class:dn: cn=Test Group,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfEntries cn: Test Group member: uid=user.1,ou=People,dc=example,dc=com member: uid=user.2,ou=People,dc=example,dc=com member: uid=user.3,ou=People,dc=example,dc=com