Federation Security Services GuideIdentify WS-Federation Resource Partners at the Account PartnerSelect Users for Which Assertions Will Be Generated › Allow Nested LDAP Groups Resource Partner Access

Previous Topic: Excluding a User or Group from Resource Partner Access

Next Topic: Add Users by Manual Entry for Resource Partner Access

Allow Nested LDAP Groups Resource Partner Access

LDAP user directories may contain groups nested in other groups. In complex directories, large amounts of user information may be organized in a nested hierarchy.

If you enable a Resource Partner to search for users in nested groups, any subset group from a larger group that you add to a policy is searched by the Policy Server. If you do not enable nested groups, the Policy Server only searches the single group you specify for the Resource Partner.

To allow the Resource Partner to search nested groups in an LDAP user directory

  1. From the Users tab, select the Allow Nested Groups check box to enable nested groups searching for the Resource Partner.
  2. If the associated affiliate domain contains more than one user directory, the directories appear as tabs on the User tab.

Copyright © 2010 CA. All rights reserved. Email CA about this topic