Administration Guide › Set Up Groups and Roles › Set Up Groups and Roles › Setting Up Dynamic Groups › Enable Dynamic Groups

Enable Dynamic Groups

Dynamic roles are based on the dxMemberURL attribute of the following object classes:

• dxDynamicGroupOfNames
• dxDynamicGroupOfUniqueNames

You can add these attributes to a groupOfNames or groupOfUniqueNames object class respectively so that dxMemberURL can be included.

To enable dynamic groups

1. Stop the DSA.
2. Add the following commands to the DSA's settings:

   clear dynamic-group;
   

   set dynamic-group [tag] = {
   objectclass = object-class
   url-attr = attribute
   member-attr = attribute
   };
   

   For example:

   set dynamic-group GROUP = {
   objectclass = dxDynamicGroupOfNames
   url-attr = dxMemberURL
   member-attr = member
   };
   

3. Start the DSA.
4. Ensure that the DIT contains a subtree in which you can store the roles entries.

   Note: Using the [subtree = DN] parameter, you can also specify the dynamic-group-subtree to inspect for the specified baseObject, narrowing the search to only this sub-tree. This supports dynamic group membership search and compare requests without requiring set use-dynamic-roles = true;.

   For instance, the examples use the following subtree:

   c=AU,o=Democorp,ou=Groups
   

More information:

set dynamic-group Command