Dynamic Groups in eDirectory
01 Jan 2003
Q.
OK, have you ever successfully created and used a dynamic group other than one via Novell Portal Services? I cannot get any LDAP search mechanism to return the group in what the TID says will be the "members" LDAP attribute. I have tried different permutations of eDirectory permissions, to no avail.
I'm using eDirectory v8.6.2 with Support Pack 2 on NetWare 5.1 running Support Pack 5. Is there a secret handshake I need to know to get this running? Any pushes in the right direction that you can give me would be most kindly appreciated.
Dynamic Danny
A.
Dear Dynamic: I would suggest making the following modifications to the first LDIF snippet (see below). Instead of using dgIdentity, put in a userPassword and set it to anything. It doesn't matter what you set because you never need to log in as that object. A random string of characters works.
Next, you need to grant rights to the dynamic group in order to read the attributes that are used in the memberQueryURL--in this case, the attribute 'title.' So grant rights to the base container, ou=istaff,o=novell. If that doesn't work, you might also grant rights to read 'cn' in the same container.
version: 1
dn: cn=Dynamic Group,ou=istaff,o=novell
changetype: add
cn: Dynamic Group
objectclass: dynamicGroup
memberQueryURL: ldap:///ou=istaff,o=novell??sub?(title=Sales Support)
member: cn=cindy,ou=istaff,o=novell
userPassword: abc123
* Originally published in Novell AppNotes
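An added example, not part of the original column or any Novell code: it reads the LDIF record from the answer and reports which attributes the dynamic group object must be able to read in which container, so the rights assignment can be limited to exactly what the memberQueryURL filter uses. The function names are hypothetical, and the LDIF reader assumes plain records without base64 values or folded lines.

```python
import re
from urllib.parse import unquote

# Record reproduced from the answer above (whitespace normalised).
LDIF = """\
version: 1
dn: cn=Dynamic Group,ou=istaff,o=novell
changetype: add
cn: Dynamic Group
objectclass: dynamicGroup
memberQueryURL: ldap:///ou=istaff,o=novell??sub?(title=Sales Support)
member: cn=cindy,ou=istaff,o=novell
userPassword: abc123
"""

# "(" + attribute name + a filter operator (=, ~=, >=, <=, or ":" for extensible match)
FILTER_ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9.;-]*)\s*(?:[~<>]?=|:)")

def ldif_attrs(ldif):
    """Return {lowercased attribute: [values]} for one plain-text LDIF record."""
    rec = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.startswith(("#", " ")):
            rec.setdefault(name.strip().lower(), []).append(value.strip())
    return rec

def parse_query_url(url):
    """Split ldap:///base?attrs?scope?filter (RFC 4516 layout) into base, scope, filter."""
    if not url.lower().startswith("ldap:///"):
        raise ValueError("expected ldap:/// with an empty host part")
    fields = [unquote(f) for f in url[8:].split("?")] + [""] * 3
    base = ",".join(r.strip() for r in re.split(r"(?<!\\),", fields[0]))
    return base, fields[2].strip() or "base", fields[3].strip() or "(objectClass=*)"

def rights_needed(ldif):
    """List what the group object must be able to read for its query to match."""
    rec = ldif_attrs(ldif)
    out = []
    for url in rec.get("memberqueryurl", []):
        base, scope, flt = parse_query_url(url)
        attrs = sorted({a.lower() for a in FILTER_ITEM.findall(flt)})
        out.append({"trustee": rec["dn"][0], "container": base,
                    "scope": scope, "attributes": attrs})
    return out

if __name__ == "__main__":
    for need in rights_needed(LDIF):
        print(need)
```

For the record above it reports the group DN as trustee, ou=istaff,o=novell as the container and title as the only attribute, which matches the rights grant described in the answer.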