Configuration GuideLDAP User Store ManagementWell-Known Attributes for an LDAP User Store › Group Well-Known Attributes

Previous Topic: User Well-Known Attributes

Next Topic: Organization Well-Known Attributes

Group Well-Known Attributes

The following is a list of group well-known attributes:

%GROUP_ADMIN_GROUP%

Indicates which attribute stores a list of groups that are administrators of the group. For example, when group 1 is an administrator of group A, group 1 is stored in the %GROUP_ADMIN_GROUP% attribute.

Note: If you do not specify a %GROUP_ADMIN_GROUP% attribute, CA Identity Manager stores administrator groups in the %GROUP_ADMIN% attribute.

Note: To add a group as an administrator of another group, see the Administration Guide.

%GROUP_ADMIN%

Indicates which attribute contains the DNs of the group’s administrators.

The physical attribute mapped to %GROUP_ADMIN% must be multivalued.

%GROUP_DESC%

Indicates which attribute contains a group’s description.

%GROUP_MEMBERSHIP%

(Required)

Indicates which attribute contains a list of the group’s members.

The physical attribute mapped to %GROUP_MEMBERSHIP% must be multivalued.

The %GROUP_MEMBERSHIP% well-known attribute is not required for Provisioning user directories.

%GROUP_NAME%

(Required)

Indicates which attribute stores a group name.

%ORG_MEMBERSHIP%

(Required)

Indicates which attribute contains the DN of the organization to which the group belongs.

CA Identity Manager uses this well-known attribute to determine a directory’s structure.

This attribute is not required when the user directory does not include organizations.

%ORG_MEMBERSHIP_NAME%

Indicates which attribute contains the user-friendly name of the organization in which the group exists.

This attribute is not valid for user directories that do not include organizations.

%SELF_SUBSCRIBING%

Indicates which attribute determines whether users can subscribe to a group.

%NESTED_GROUP_MEMBERSHIP%

Indicates which attribute stores a list of groups that are members of the group. For example, when group 1 is a member of group A, group 1 is stored in the %NESTED_GROUP_MEMBERSHIP% attribute.

If you do not specify a %NESTED_GROUP_MEMBERSHIP% attribute, CA Identity Manager stores nested groups in the %GROUP_MEMBERSHIP% attribute.

To include groups as members of other groups, configure support for nested groups as described in Configuring Dynamic and Nested Groups for instructions.

%DYNAMIC_GROUP_MEMBERSHIP%

Indicates which attribute stores the LDAP query that generates a dynamic group.

Note: To extend the available attributes for the Group object to include %NESTED_GROUP_MEMBERSHIP% and %DYNAMIC_GROUP_MEMBERSHIP% attributes, you can use auxiliary object classes.

More information:

Well-Known Attributes for an LDAP User Store

Configure Dynamic and Nested Groups

How to Configure Groups

Configure Well-Known Attributes