Problem
You need to associate and check nested group members, and find out which groups those members are associated with, using iManager.
Pre-requisites
Create a nested Group in eDirectory 8.8.2, using iManager 2.6.x or 2.7. The static group needs to be converted to a nested group, using the object class nestedGroupAux to allow for the groupMembership value.
Solution 1
To associate and check the member (Group Member) of a nested group, follow the steps below.
1. Log in to iManager 2.7 with Administrator credentials.
2. Select Directory Administration > Modify object.
3. Specify the nested group object name as “NG”.
4. Click OK.
Figure 1 - Modifying the nested group object "NG"
5. Go to the Other tab.
6. Click on "groupMember" in the Unvalued Attributes dropdown list. Using the Add option, provide the group member information in the Add Attribute window (in this example it is "SG1").
7. Click OK.
Figure 2 – Associating the nested group SG1 to nested group NG, using groupMember
8. Apply these changes.
Figure 3 – Saving the changes
9. To verify that the member was associated, perform an ldapsearch for the nested group object “NG”. For example:

    ST-FC-CLI-174:~ # ldapsearch -D cn=admin,o=novell -w novell -p 390 cn=ng
    version: 1

    #
    # filter: cn=ng
    # requesting: ALL
    #

    # NG,novell
    dn: cn=NG,o=novell
    groupMember: cn=SG1,o=novell
    equivalentToMe: cn=NG,o=novell
    owner: cn=admin,o=novell
    objectClass: groupOfNames
    objectClass: Top
    objectClass: nestedGroupAux
    member: cn=NG,o=novell
    cn: NG
    ACL: 2#entry#[Root]#member

    # search result
    # search: 2
    # result: 0 Success

    # numResponses: 2
    # numEntries: 1

Solution 2
To determine which group a member is associated with (GroupMembership), follow the steps below.
1. Log in to iManager 2.7 with Administrator credentials.
2. Select Directory Administration > Modify object, select the object name “SG1” (SG1 is a static group converted to a nested group), and click OK.
Figure 4 - Modifying the nested group object “SG1”
3. Go to the Other tab. Click on “Group Membership” in the Unvalued Attributes list. Using the “<-” Add option, provide the group membership information (in this example it is “NG”) in the Add Attribute window, then click OK.
Figure 5 - Associating the GroupMembership “NG” to SG1
4. Apply these changes.
Figure 6 – The Apply option, used to save the changes
5. To verify, perform an ldapsearch:

    ST-FC-CLI-174:~ # ldapsearch -D cn=admin,o=novell -w novell -p 390 cn=SG1
    version: 1

    #
    # filter: cn=SG1
    # requesting: ALL
    #

    # SG1,novell
    dn: cn=SG1,o=novell
    owner: cn=admin,o=novell
    objectClass: groupOfNames
    objectClass: Top
    objectClass: nestedGroupAux
    groupMembership: cn=NG,o=novell
    cn: SG1
    ACL: 2#entry#[Root]#member

    # search result
    # search: 2
    # result: 0 Success

    # numResponses: 2
    # numEntries: 1

Conclusion
SG1 is now nested in NG: NG lists SG1 in its groupMember attribute, and SG1 shows its association with NG in its groupMembership attribute. In this way we can associate and verify the members of a given nested group, and also see which groups those members belong to.
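
The two ldapsearch checks above can be combined into one pass that confirms both objects record the same link. This is an added example, not part of the original article or any Novell tool: it parses LDIF text, reports groupMember/groupMembership links present on only one side and, going beyond the article, flags groups whose groupMember chain leads back to themselves. The function names are hypothetical and the sample LDIF is constructed from the attribute values shown above.

```python
from collections import defaultdict
# Constructed sample, trimmed from the two ldapsearch results in this article.
SAMPLE_LDIF = """\
dn: cn=NG,o=novell
groupMember: cn=SG1,o=novell

dn: cn=SG1,o=novell
groupMembership: cn=NG,o=novell
"""

def norm(dn):  # comparison key: lower-cased, no spaces around commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_entries(ldif):
    """Parse unfolded, non-base64 LDIF text into {dn: {attribute: [values]}}."""
    entries, current = {}, None
    for line in ldif.splitlines():
        if not line.strip():
            current = None                # a blank line ends the entry
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue                      # blank, comment or malformed line
        attr, value = attr.strip().lower(), norm(value)
        if attr == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:         # ignores "version: 1" before any dn
            current[attr].append(value)
    return entries

def check_nesting(entries):
    """Return (links recorded on one side only, groups that contain themselves)."""
    def values(dn, attr):
        return entries.get(dn, {}).get(attr, [])
    one_sided = []
    for dn in entries:
        one_sided += [(dn, "groupMember", c) for c in values(dn, "groupmember")
                      if dn not in values(c, "groupmembership")]
        one_sided += [(dn, "groupMembership", p) for p in values(dn, "groupmembership")
                      if dn not in values(p, "groupmember")]
    def reaches(start, node, seen):       # walk groupMember links downward
        for child in values(node, "groupmember"):
            if child == start:
                return True
            if child not in seen:
                seen.add(child)
                if reaches(start, child, seen):
                    return True
        return False
    return one_sided, sorted(dn for dn in entries if reaches(dn, dn, set()))
```

For the NG/SG1 pair configured in this article, `check_nesting(parse_entries(SAMPLE_LDIF))` returns two empty lists: the link is recorded on both objects and no group contains itself.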
User Comments
What about security equivalence?
Submitted by geoffc on 25 January 2008 - 12:18pm.
So looking at how this is done, anyone could have done this with an Aux class any time in the past...
But does Security Equivalence work?
The argument against nested groups in the past has been rights evaluation. How do you evaluate effective rights if the membership can loop?
If that is still an issue, what is the benefit of nested groups? What is an example use case, beyond syncing to an environment that uses them with IDM (Say AD or Domino or something else).