Policy Server :: LDAP Group : Member Definitions

Document ID : KB000017628
Last Modified Date : 14/02/2018

Question :

In an LDAP group, I would like to know whether a given member should be a DN or can only be set as a UID.

 

Environment :

SiteMinder 12.52SP1

 

Answer :

Per RFC 4519, section 2.17, it seems you need to set the DN:

2.17. 'member'

The 'member' attribute type contains the distinguished names of objects that are on a list or in a group. Each name is one value of this multi-valued attribute.
(Source: X.520 [X.520])

(2.5.4.31 NAME 'member'
SUP distinguishedName)

Examples: "cn=James Clarke,ou=Finance,o=Widget\, Inc." and "cn=John Xerri,ou=Finance,o=Widget\, Inc." may be two members of the financial team (group) at Widget, Inc., in which case, both of these distinguished names would be present as individual values of the member attribute.

(http://tools.ietf.org/html/rfc4519#section-2.17)
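A way to check an existing group's 'member' values against this rule, shown as an added example that is not part of the original article or of SiteMinder. The function names and the bare UID "jclarke" are assumptions made for illustration; the check is syntactic only and honors the escaped comma seen in the RFC example.

```python
import re
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")  # name or OID

def _split_unescaped(s, sep):
    """Split s on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\":
            if i + 1 >= len(s):
                raise ValueError("dangling backslash escape")
            buf.append(s[i:i + 2])  # keep the escape pair intact
            i += 2
        elif s[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(s[i])
            i += 1
    return parts + ["".join(buf)]

def parse_dn(value):
    """Return RDNs as (type, value) lists; stricter than RFC 4514 (no empty DN/value)."""
    if not value.strip():
        raise ValueError("empty member value")
    rdns = []
    for rdn in _split_unescaped(value, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDN
            attr, eq, val = ava.partition("=")
            if not eq or not val or not _ATTR_TYPE.match(attr.strip()):
                raise ValueError(f"not a type=value pair: {ava!r}")
            avas.append((attr.strip(), val))
        rdns.append(avas)
    return rdns

def non_dn_members(values):
    """Return the 'member' values that are not DN-shaped (e.g. bare UIDs)."""
    bad = []
    for v in values:
        try:
            parse_dn(v)
        except ValueError:
            bad.append(v)
    return bad

# Two DNs from the RFC 4519 example plus a constructed bare UID (assumption).
SAMPLE = [r"cn=James Clarke,ou=Finance,o=Widget\, Inc.",
          r"cn=John Xerri,ou=Finance,o=Widget\, Inc.", "jclarke"]
```

Calling `non_dn_members(SAMPLE)` returns only the bare UID; both RFC values parse as three RDNs because the `\,` in `o=Widget\, Inc.` is not treated as a separator.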