Configuring LDAP for Use with Nested Groups
If you use LDAP with Active Directory, you have the option to use nested groups with TDV.
Nested groups allow you to define a group as a member of another group, allowing inheritance of permissions.
Note: The privileges on a parent group can be inherited only by up to 2 child level groups.
To configure your TDV LDAP environment for use with nested groups:

1. Configure TDV for use with LDAP.

2. Locate the LDAP properties file, which is in the following directory:

   <TDV_install_dir>/conf/server/ldap.properties

3. In a text editor, locate the Active Directory section with group context search properties. For example:

   activedirectory.all.groups.search.context=cn=users
   activedirectory.all.groups.filter=(&(objectclass=group))
   activedirectory.all.groups.groupname.attribute=cn
   activedirectory.all.groups.search.timeout=0

4. Add the following two lines below the section:

   activedirectory.user.parentgroups.filter=(&(distinguishedName=USERDN)(objectclass=group)(objectCategory=group))
   activedirectory.user.parentgroups.attribute=memberOf

6. Restart the TDV Server.
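A check you can run on the edited file before restarting the server, as an added example (not part of the TDV documentation or product). It confirms that the group search section is present and that the two nested-group lines match the values shown above and sit below that section. The function names and the sample file contents are constructed for illustration, and the parser handles only plain key=value lines.

```python
# Added example: verify ldap.properties contains the nested-group lines from step 4.
NESTED = {  # values exactly as shown in step 4
    "activedirectory.user.parentgroups.filter":
        "(&(distinguishedName=USERDN)(objectclass=group)(objectCategory=group))",
    "activedirectory.user.parentgroups.attribute": "memberOf",
}
GROUP_SEARCH = [  # the section shown in step 3
    "activedirectory.all.groups.search.context",
    "activedirectory.all.groups.filter",
    "activedirectory.all.groups.groupname.attribute",
    "activedirectory.all.groups.search.timeout",
]
# Constructed sample inputs: the file before and after step 4.
BEFORE = """\
activedirectory.all.groups.search.context=cn=users
activedirectory.all.groups.filter=(&(objectclass=group))
activedirectory.all.groups.groupname.attribute=cn
activedirectory.all.groups.search.timeout=0
"""
AFTER = BEFORE + "".join(f"{k}={v}\n" for k, v in NESTED.items())

def parse_properties(text):
    """Map key -> (value, line number); split on the first '=' only,
    because LDAP filter values contain '=' themselves."""
    props = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = (value.strip(), n)
    return props

def check_nested_groups(text):
    """Return a list of findings; an empty list means the file matches steps 3-4."""
    props, findings = parse_properties(text), []
    findings += [f"missing group search property: {k}" for k in GROUP_SEARCH if k not in props]
    section_end = max((props[k][1] for k in GROUP_SEARCH if k in props), default=0)
    for key, want in NESTED.items():
        if key not in props:
            findings.append(f"missing: {key}")
        elif props[key][0] != want:
            findings.append(f"value differs from step 4: {key}={props[key][0]}")
        elif props[key][1] < section_end:
            findings.append(f"{key} appears above the group search section")
    return findings

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_nested_groups(text) or "OK")
```

To check a real installation, pass the contents of <TDV_install_dir>/conf/server/ldap.properties to check_nested_groups().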