RapidIdentity Administrators' and Users' Guide

LDAP Group Settings

The Group Settings interface allows administrators to define what types of directory objects RapidIdentity should consider Groups and which LDAP attributes RapidIdentity should use when working with Group objects.

Table 49. Group Settings

| Field Name | Description |
| --- | --- |
| Name Attribute | The attribute from the global attribute list that is used to display group names. |
| Description Attribute | The attribute from the global attribute list that is used to display group descriptions, usually as tooltips. |
| Group Base DN | The base DN in the LDAP tree for Groups. RapidIdentity will not be able to find or operate on Group objects outside of this subtree. The built-in object browser makes finding the value required for this field easier. |
| Group Object Class | The LDAP object class for Group objects. |
| Base Group Filter | The base LDAP filter to use when searching for Group objects. |
| Support Nested Groups | Allows groups to contain other groups as members. This is a powerful feature; however, enabling it impacts performance, resulting in slower lookup operations for all groups. |
| Groups Back Referenced on User Object | In eDirectory and OpenLDAP environments, a user object can be a member of a group object without that membership being reflected on the user object itself. Not accounting for this behavior can produce unexpected results. To account for it, RapidIdentity Portal, by default, always validates user group membership. For eDirectory, if your tree is managed in such a way as to ensure that all group membership is reflected in attributes on the user objects directly, enabling this option can result in a performance increase for group lookups. |
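The condition attached to Groups Back Referenced on User Object can be checked before the option is enabled. The following is an added example, not RapidIdentity code: it compares the group-side member list with the user-side back-reference values and reports every pair that disagrees. The DNs and values are constructed sample data, the guide does not name the attributes involved, and in practice the two dictionaries would be filled from a directory export.

```python
# Constructed sample data: every DN and value below is illustrative.

# Group DN -> values of the group's member attribute (group-side view).
GROUPS = {
    "cn=staff,ou=groups,o=example": [
        "cn=alice,ou=users,o=example",
        "CN=Bob,OU=Users,O=Example",  # same entry as bob, different case
    ],
    "cn=admins,ou=groups,o=example": ["cn=alice,ou=users,o=example"],
}

# User DN -> values of the user's back-reference attribute (user-side view).
USERS = {
    "cn=alice,ou=users,o=example": ["cn=staff,ou=groups,o=example"],
    "cn=bob,ou=users,o=example": [
        "cn=staff,ou=groups,o=example",
        "cn=admins,ou=groups,o=example",
    ],
}


def norm(dn):
    """Comparison key for a DN. Simplified: lower-cases and trims each RDN,
    and does not handle escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def membership_mismatches(groups, users):
    """Return (missing_on_user, stale_on_user) as sorted (user, group) pairs.
    missing_on_user: the group lists the user, the user lacks the back-reference.
    stale_on_user:   the user claims the group, the group does not list the user."""
    known_users = {norm(u) for u in users}
    group_side = {
        (norm(m), norm(g))
        for g, members in groups.items()
        for m in members
        if norm(m) in known_users  # skip members that are not user entries
    }
    user_side = {(norm(u), norm(g)) for u, refs in users.items() for g in refs}
    return sorted(group_side - user_side), sorted(user_side - group_side)


if __name__ == "__main__":
    labels = ("missing on user", "stale on user")
    for label, pairs in zip(labels, membership_mismatches(GROUPS, USERS)):
        for user, group in pairs:
            print(f"{label}: {user} -> {group}")
```

Any "missing on user" pair means the tree does not meet the condition stated above for enabling the option. A "stale on user" pair is a membership that exists only on the user object, which matters if group lookups rely on that object.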