LDAP Configuration for Novell eDirectory (NDS), Domino, iPlanet, Microsoft Active Directory

(Last modified: 05Jun2004)

This document (10078591) is provided subject to the disclaimer at the end of this document.

goal

fact

Novell Volera Excelerator

fix

For Access Control Policies (ACL policies) to restrict access by LDAP groups, the LDAP authentication policy must have the "LDAP group object class name" and "LDAP user attribute group membership" fields properly completed. The value for these fields varies depending on the directory database that is running LDAP.

The LDAP group object class name for a Novell eDirectory or NDS server is: Groupofnames
The LDAP user attribute group membership: groupmembership

The LDAP group object class name for a Domino server is: groupofnames
The LDAP use attribute group membership: member

The LDAP group object class name for a Microsoft Active Directory or Exchange server is: Group
The LDAP user attribute group membership: memberof

The LDAP group object class name for a Netscape iPlanet server is: groupofuniquenames
The LDAP user attribute group membership: uniquemember

In the command line and .NAS files, these fields are called objectclassgroup and userattrmembership.

See TID 10077674 for details on configuring the ACL to limit access based on these groups.

document

Document Title:	LDAP Configuration for Novell eDirectory (NDS), Domino, iPlanet, Microsoft Active Directory
Document ID:	10078591
Solution ID:	NOVL85650
Creation Date:	10Jan2003
Modified Date:	05Jun2004
Novell Product Class:	Volera Excelerator

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.