10.2.5 Task 5: (Configuring for the external mode only) Configure group retrieval from the directory service
Complete this task to configure group retrieval for the external mode. Follow the appropriate procedure for your directory service. This task includes the following subsections:
For details about configuration instructions, see 10.4.5 User group identification.
- Organization of this subsection
(1) Simple approach for Microsoft Active Directory
-
Back up the ldap.properties file, and then open the file in any text editor.
-
Specify the portion of the directory service domain that stores group records.
The text shown in step 1 contains the following line:
#rolesCtxDN=CN=Users,DC=my-company-name, DC=my-suffix
Do the following:
-
Uncomment the line (by deleting the hash mark (#)).
-
Replace my-company-name and my-suffix with the components of the fully-qualified host name of the Active Directory server (for example, for the host name myserver.example.com, specify: DC=example,DC=com).
-
(2) Simple approach for other directory services
-
Back up the ldap.properties file, and then open the file in any text editor.
-
Specify the portion of the directory service domain that stores group records.
The text shown in step 1 contains the following line:
#rolesCtxDN=ou=Groups,o=myco.com
Do the following:
-
Uncomment the line (by deleting the hash mark (#)).
-
Replace ou=Groups,o=myco.com with the portion of the directory service domain that stores group records.
-
-
Specify the format of group member names in the directory service group definitions.
The text shown in step 1 contains the following line:
roleFilter=member={1}Replace member with the name of the group attribute that stores the directory service user ID in the directory service domain.