Policy Server :: LDAP Group : Member Definitions

Document ID : KB000017628
Last Modified Date : 14/02/2018

Question :

In an LDAP group, I would like to know whether a given member should be a DN or can be set as a UID only.


Environment :

SiteMinder 12.52SP1


Answer :

According to RFC 4519, section 2.17, it seems you need to set the DN:

2.17. 'member'

The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute.
(Source: X.520 [X.520])

( NAME 'member'
SUP distinguishedName)

Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and "cn=John Xerri,ou=Finance,o=Widget\, Inc." may be two members of the financial team (group) at Widget, Inc., in which case, both of these distinguished names would be present as individual values of the member attribute.
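
The following is an added example, not part of the original article or of SiteMinder: a simplified RFC 4514 shape check that flags group member values that are bare UIDs rather than DNs, and that handles the escaped comma seen in "o=Widget\, Inc.". The function names and the sample UID "jxerri" are hypothetical.

```python
import re

# Attribute type: short name (descr) or dotted numeric OID, per RFC 4514.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def split_unescaped(text, sep):
    """Split on sep, ignoring occurrences escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def looks_like_dn(value):
    """Simplified shape check: every RDN is type=value[+type=value]."""
    if not value.strip():
        return False
    for rdn in split_unescaped(value, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, val = ava.strip().partition("=")
            if not eq or not ATTR_TYPE.match(attr.strip()) or not val:
                return False
    return True


def audit_members(members):
    """Return the member values that are not DN-shaped (e.g. bare UIDs)."""
    return [m for m in members if not looks_like_dn(m)]


# Constructed sample: the two DNs from the RFC example plus a bare UID.
SAMPLE_MEMBERS = [
    r"cn=James Clarke,ou=Finance,o=Widget\, Inc.",
    r"cn=John Xerri,ou=Finance,o=Widget\, Inc.",
    "jxerri",
]

if __name__ == "__main__":
    for bad in audit_members(SAMPLE_MEMBERS):
        print("not a DN:", bad)
```

This only checks the string form; it does not confirm that the DN resolves to an existing entry in the directory.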