|Applies To||ClearTrust Authorization Server 6.0.2|
|Issue|| How to view Member User Groups with additional object classes|
Member User Groups which contain additional object classes fail to list with admin GUI (admingui)
A group search filter will be created using the objectclass configured in following parameter in the ldap.conf file:
then the retrieved objects are differentiated and identified as group, user or administrative group with the value set in the parameter:
cleartrust.data.ldap.group.objectclass :top, groupOfUniqueNames
If there is an entry with an objectclass which is not present in the above parameter, that entry is considered as "it is not a group" and ignored for the group segregation.
List all additional objectclass classes in use in the cleartrust.data.ldap.group.objectclass parameter, for example cleartrust.data.ldap.group.objectclass :top, groupOfUniqueNames, posixGroup
As an example, consider the following directory server objects:
The Parent Group:
Now consider the two member groups:
The object class list which makes up the object matches the cleartrust.data.ldap.group.objectclass parameter to this object will be visible.
This has the additional object class value of posixGroup so would not be displayed unless the cleartrust.data.ldap.group.objectclass parameter were updated (note that MyGroup2 would need to be altered so that its object class heirarchy also matched).
|Legacy Article ID||a37878|