The group mode and related settings are specified in the Configuration Information field of the Security Manager definition in the Enterprise Server Administration web interface:
[LDAP] group type=MF|custom|AD|both group class=group-class-name group member attribute=member-attribute-name
The group type configuration setting has four possible values:
The default group mode is MF. See Using Non-Micro Focus Group Objects with LDAP-based Security for more information on the group modes.
In custom mode, use these to set the name of the LDAP object class containing group information, and the name of the LDAP attribute listing group members.
In combined mode, these attributes apply only to non-AD groups.
The default for group class is microfocus-MFDS-Group and for group member attribute is microfocus-MFDS-Group-Member.
When using a group type other than MF, the group container is often in a different part of the LDAP repository hierarchy than the other Enterprise Server LDAP data. This might require the base, user container, group container, and resource container to be configured appropriately.
In some cases, it might be necessary (or simplest) to set base to an empty value, and then send each of the container settings to the full Distinguished Name (DN) of the associated container object.
With the combined groups mode (group type=both), Active Directory groups and custom groups can be in different container objects. To enable the MLDAP ESM Module to find groups in both containers, set group container to the common ancestor of the two group containers, and enable subtree searching with search scope=tree.
If you are using more than one Security Manager, you might need to enable federation in the region's security configuration. See Security Federation for more information.