Dynamic Group membership not reflected on user

Document ID : KB000117522
Last Modified Date : 15/10/2018
Show Technical Document Details
Issue:
We have created a Dynamic Group in Identity Manager and configuring the dynamic query
ldap:///ou=MYCOMPANY,ou=im,ou-ca,o=com??sub??(roomNumber=9999)
When viewing the Group object (view Group members) we can see the correct users being listed
However, when viewing the User object (view User), we cannot see the dynamic group listed under the Groups tab.
Environment:
IM 12.6 SPx
IM 14.x
Cause:
IM is validating the organization of a user against dynamic query's base DN, which is why we have to use Base DN of organisation in dynamic query.
 
Resolution:
Update the dynamic query to be using
ldap:///ou=MYCOMPANY,ou=im,ou-ca,o=com??sub??(roomNumber=9999)
as the dynamic query instead of
ldap:///ou=people,ou=MYCOMPANY,ou=im,ou-ca,o=com??sub??(roomNumber=9999)

This will allow the groups to be displayed from the User oriented task
Additional Information:
https://docops.ca.com/ca-identity-manager/14-2/EN/administrating/administrators-users-and-groups/groups/dynamic-group-query-parameters
https://comm.support.ca.com/kb/how-to-configure-im-to-create-dynamic-group-in-ca-directory/kb000037199