RapidIdentity Administrators' and Users' Guide

LDAP Group Settings

The Group Settings interface allows administrators to define what types of directory objects RapidIdentity should consider Groups and which LDAP attributes RapidIdentity should use when working with Group objects.

Table 49. Group Settings

Field Name


Name Attribute

The attribute from the global attribute list that is used to display group names.

Description Attribute

The attribute from the global attribute list that is used to display group descriptions, usually as tooltips.

Group Base DN

The base DN in the LDAP tree for Groups. RapidIdentity will not be able to find or operate on Group objects outside of this sub tree.

The built-in object browser makes finding the value required for this field easier.

Group Object Class

The LDAP object class for Group objects.

Base Group Filter

The base LDAP filter to use when searching for Group objects.

Support Nested Groups

Allows groups to contain other groups as members. This is a powerful feature, however, enabling this functionality will impact performance resulting in slower lookup operations for all groups.

Groups Back Referenced on User Object

In eDirectory and OpenLDAP environments, it is possible for a user object to be a member of a group object and that membership not be reflected on the user object itself. Not accounting for this behavior can result in unexpected results. To account for this RapidIdentity Portal, by default, will always validate user group membership.

For eDirectory, if your tree is managed in such a way as to ensure that all group membership is reflected in attributes on the user objects directly, enabling this option can result in a performance increase for group lookups.