How to configure IM to create dynamic group in CA Directory?
Question:
How to configure IM to create dynamic group in CA Directory?
Answer:
Assumption: IM is working and can create static group.
1. Enable dynamic groups in CA Directory
Dynamic roles are based on the dxMemberURL attribute of the following object classes:
- dxDynamicGroupOfNames
- dxDynamicGroupOfUniqueNames
You can add these attributes to a groupOfNames or groupOfUniqueNames object class, respectively so that dxMemberURL can be included.
2. Stop the DSA
3. Add the following commands to the the DSA's settings under \CA\Directory\dxserver\config\settings:
clear dynamic-group;
set dynamic-group [tag] = {
objectclass = object-class
url-attr = attribute
member-attr = attribute
};
For example:
<Please see attached file for image>
4. Start DSA
5. Export corporate directory in IM
<Please see attached file for image>
6. Edit the directory xml file by adding
objectclass="dxDynamicGroupOfUniqueNames"
and modifying
physicalname="memberURL" to physicalname="dxMemberURL"
to managed object attribute %DYNAMIC_GROUP_MEMBERSHIP%
For example,
<ImsManagedObjectAttr physicalname="dxMemberURL" description="Dynamic Group Query" objectclass="dxDynamicGroupOfUniqueNames" displayname="DynamicGroup Query" valuetype="String" multivalued="true" wellknown="%DYNAMIC_GROUP_MEMBERSHIP%" maxlength="0" hidden="true" system="true" searchable="false"/>
7. Save the change, update the IM directory, and restart the environment when being prompted.
8. Verify the change is updated into IM directory
<Please see attached file for image>
9. Create a dynamic group via IM User Console
<Please see attached file for image>
All users with title contains “Manager” are now added as members:
<Please see attached file for image>
From JXplorer, the dynamic group looks like this:
<Please see attached file for image>
Release:
Component: IDMGR