

Set the scope parameter

Configure the scope parameter of memberAttributes or membershipAttribute as direct or nested, according to what the LDAP server stores.

The member and membership configuration for groups in the wimconfig.xml file is shown in the following example:

<config:groupConfiguration>
  <config:memberAttributes name="members" objectClass="group" scope="direct"/>
  <config:membershipAttribute name="memberof" scope="direct"/>
</config:groupConfiguration>

In this example, the memberAttributes and membershipAttribute configuration sets the scope to direct. Set this configuration according to the LDAP server: before setting the scope to nested, confirm with the LDAP server administrator that the member attribute in the LDAP server contains both direct and nested members.

If you specify the scope as nested, all members, both direct and nested, are returned by reading the member attribute of a group once. However, in most cases the member attribute contains only the direct members of the group. In that case, the members of a nested group are obtained by checking the member attribute of that nested group.
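The following added example (not IBM code and not virtual member manager's implementation) is a simplified model of the two lookups described above. It shows which users are missed when scope is set to nested against a directory that stores only direct members, and includes a check for that condition. The directory contents, DNs and function names are constructed for illustration.

```python
# Constructed sample directory: group DN -> values of its member attribute.
# Only direct members are stored, which the page says is the usual case.
DIRECTORY = {
    "cn=admins,o=example": ["uid=alice,o=example", "cn=operators,o=example"],
    "cn=operators,o=example": ["uid=bob,o=example", "cn=oncall,o=example"],
    "cn=oncall,o=example": ["uid=carol,o=example", "cn=admins,o=example"],  # cycle
}


def transitive_users(directory, group_dn, seen=None):
    """Walk nested groups, reading one member attribute per group."""
    seen = set() if seen is None else seen
    if group_dn in seen:          # guard against circular group nesting
        return set()
    seen.add(group_dn)
    users = set()
    for dn in directory.get(group_dn, []):
        if dn in directory:       # member is itself a group: read its attribute
            users |= transitive_users(directory, dn, seen)
        else:
            users.add(dn)
    return users


def resolve_users(directory, group_dn, scope):
    """Assumed model of the lookup the page describes for each scope value."""
    if scope == "nested":
        # One read; the attribute is trusted to already hold nested members.
        return {dn for dn in directory.get(group_dn, []) if dn not in directory}
    if scope == "direct":
        return transitive_users(directory, group_dn)
    raise ValueError("scope must be 'direct' or 'nested'")


def groups_unsafe_for_nested(directory):
    """Groups whose member attribute lacks users reachable through nesting."""
    return sorted(
        g for g in directory
        if resolve_users(directory, g, "nested") != transitive_users(directory, g)
    )


if __name__ == "__main__":
    for scope in ("direct", "nested"):
        print(scope, sorted(resolve_users(DIRECTORY, "cn=admins,o=example", scope)))
    print("do not set scope=nested for:", groups_unsafe_for_nested(DIRECTORY))
```

A non-empty result from groups_unsafe_for_nested means group-based authorization decisions would silently omit nested members if scope were set to nested for that directory.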

The scope parameter is not specific to any LDAP server type, and can also be configured on the LDAP server side by the LDAP administrator.

For more information about using the scope parameter, read about the addIdMgrLDAPGroupMemberAttr command of the IdMgrRepositoryConfig command group in the WebSphere Application Server information center.
