How to configure nested group support for Microsoft Active Directory
You want to leverage nested groups for managing access control via the Resource Permissions portlet. How can nested group support be configured for IBM WebSphere Portal when using Microsoft Active Directory as the LDAP server?
Although using the memberOf attribute can improve performance when determining a user's group membership, it returns only the groups the user belongs to directly. To return nested groups for a user as well, also configure the member attribute and set its scope to nested.
The following is an example snippet from the <wp_profile>/config/cells/<cellname>/wimconfig.xml file which can be used to enable nested group support:
<config:memberAttributes dummyMember="" name="member" objectClass="group" scope="nested"/>
<config:membershipAttribute name="memberOf" scope="direct"/>
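The difference between the two scopes, as an added example that is not part of the original technote or IBM's code: the sketch resolves groups over a constructed directory, treating memberOf as the direct back-link of member and following member upward for the nested case. All DNs and function names are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data (not from the technote): group DN -> values of its
# "member" attribute. HelpDesk is nested in Admins, Admins in PortalUsers,
# and LoopA/LoopB contain each other (circular nesting).
ALICE = "CN=alice,OU=Users,DC=example,DC=com"
BOB = "CN=bob,OU=Users,DC=example,DC=com"
HELPDESK = "CN=HelpDesk,OU=Groups,DC=example,DC=com"
ADMINS = "CN=Admins,OU=Groups,DC=example,DC=com"
PORTAL = "CN=PortalUsers,OU=Groups,DC=example,DC=com"
LOOP_A = "CN=LoopA,OU=Groups,DC=example,DC=com"
LOOP_B = "CN=LoopB,OU=Groups,DC=example,DC=com"

MEMBER = {
    HELPDESK: [ALICE],
    ADMINS: [HELPDESK],
    PORTAL: [ADMINS],
    LOOP_A: [LOOP_B],
    LOOP_B: [LOOP_A, BOB],
}

def direct_groups(dn, member=MEMBER):
    """Groups listing dn in member: the set memberOf (scope direct) yields."""
    return {group for group, values in member.items() if dn in values}

def nested_groups(dn, member=MEMBER):
    """Direct groups plus every group reached by following member upward."""
    seen, queue = set(), deque([dn])
    while queue:
        for group in direct_groups(queue.popleft(), member):
            if group not in seen:  # visited set ends circular nesting
                seen.add(group)
                queue.append(group)
    return seen

def missed_by_direct(dn, member=MEMBER):
    """Groups a direct-only lookup would not return for dn."""
    return nested_groups(dn, member) - direct_groups(dn, member)

if __name__ == "__main__":
    for user in (ALICE, BOB):
        print(user)
        print("  direct:", sorted(direct_groups(user)))
        print("  nested:", sorted(nested_groups(user)))
        print("  missed:", sorted(missed_by_direct(user)))
```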
Software version: 6.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, i5/OS
Software edition: Enable, Express, Extend, Server
Reference #: 1321308
Modified date: 07 April 2009