Question:

How to configure IM to create dynamic group in CA Directory?

Answer: 

Assumption: IM is working and can create static group.

1.       Enable dynamic groups in CA Directory

Dynamic roles are based on the dxMemberURL attribute of the following object classes:

•         dxDynamicGroupOfNames
•         dxDynamicGroupOfUniqueNames

You can add these attributes to a groupOfNames or groupOfUniqueNames object class, respectively so that dxMemberURL can be included.

2.      Stop the DSA

3.      Add the following commands to the the DSA's settings under \CA\Directory\dxserver\config\settings:

clear dynamic-group;

set dynamic-group [tag] = {

objectclass = object-class

url-attr = attribute

member-attr = attribute

};

For example:

<Please see attached file for image>

4.     Start DSA

5.      Export corporate directory in IM

<Please see attached file for image>

6.      Edit the directory xml file by adding

objectclass="dxDynamicGroupOfUniqueNames"

and modifying

physicalname="memberURL" to physicalname="dxMemberURL"

to managed object attribute  %DYNAMIC_GROUP_MEMBERSHIP%

For example,

<ImsManagedObjectAttr physicalname="dxMemberURL" description="Dynamic Group Query"  objectclass="dxDynamicGroupOfUniqueNames" displayname="DynamicGroup Query" valuetype="String" multivalued="true" wellknown="%DYNAMIC_GROUP_MEMBERSHIP%" maxlength="0" hidden="true" system="true" searchable="false"/>

7.       Save the change, update the IM directory, and restart the environment when being prompted.

8.       Verify the change is updated into IM directory

<Please see attached file for image>

9.       Create a dynamic group via IM User Console

<Please see attached file for image>

All users with title contains “Manager” are now added as members:

<Please see attached file for image>

From JXplorer, the dynamic group looks like this:

<Please see attached file for image>