
Settings

Use this page to establish an identity object and other object-related search parameters.

Identity Object

This is the object that the LDAP server logs in to the tree as in order to run the query.

In order to perform the search specified, iManager uses a specific identity so that the results will always be consistent. The identity object must have authentication credentials so iManager can authenticate as the identity object. The identity object must have a password set.

For example, if you choose to use the dynamic group object itself as the identity object, you will need to set a password on the dynamic group. For the dynamic member evaluation to work, the object specified as the identity object must be present on the same partition as the dynamic group object. The identity object defaults to [Public] unless another object is specified. [Public] may not have sufficient rights to read and compare attributes.

For example, if you set the Filter to (&(title=manager)), the [Public] identity might not be able to read or compare the title or many other attributes. The Identity object must have sufficient rights to the Base dn level and below to determine dynamic group membership.

Time Out

Populating this field is not mandatory and is best left blank unless you give iManager a reasonable amount of time to load the objects it finds. This setting determines how long to wait for results from another server during a dynamic group member search when the search operation spans servers. The time interval is specified in seconds; once it is reached, the search is terminated. Any members found before the search is terminated are included in the list. The behavior of Allow Unknowns is considered when the membership cannot be determined because of a timeout.

IMPORTANT: If you do not allow enough time for iManager to load and it times out, the object becomes unusable. You must delete the object and start over.

Allow Duplicates

This setting specifies whether duplicates will appear in the All Members list when the members of a dynamic group are listed. Duplicates may occur if an object is found in the search result of the Dynamic Members as well as in the Included Members; if Allow Duplicates is not checked, the server eliminates the duplicates. By allowing duplicates, the administrator can reduce the load on the server while listing dynamic group members.

Allow Unknowns

This attribute determines the inclusion or exclusion of members in the dynamic group when the membership cannot be correctly determined. For example, if the search specified is not fully done because one of the replicas is not accessible, then if Allow Unknowns is checked, the object in question will be considered to be a member of the dynamic group. In short, unless the implications of checking this setting are fully understood, the administrator should always leave it unchecked.
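
A small model of the All Members listing and the Allow Unknowns decision described above, added here as an illustration. It is not Novell's code; the Replica class, the function names and the sample DNs are constructed, and an unreachable replica stands in for both an inaccessible replica and a timeout.

```python
from dataclasses import dataclass

@dataclass
class Replica:
    """One server's slice of the tree (constructed model, not an eDirectory API)."""
    entries: dict            # DN -> attribute dict
    reachable: bool = True   # False models an inaccessible replica or a timeout

def list_members(included, replicas, matches, allow_duplicates=False):
    """All Members = Included Members + search results from reachable replicas."""
    found = list(included)
    for rep in replicas:
        if rep.reachable:    # results from unreachable replicas are simply missing
            found += [dn for dn, attrs in rep.entries.items() if matches(attrs)]
    if allow_duplicates:
        return found         # no de-duplication pass, so less work per listing
    return list(dict.fromkeys(found))   # keep first occurrence, preserve order

def is_member(dn, included, replicas, matches, allow_unknowns=False):
    """Membership test for one object; undetermined cases follow Allow Unknowns."""
    if dn in included:
        return True
    undetermined = False
    for rep in replicas:
        if not rep.reachable:
            undetermined = True      # the object might live here; cannot check
        elif dn in rep.entries:
            return matches(rep.entries[dn])
    return allow_unknowns if undetermined else False

# Constructed sample data: filter (&(title=manager)) over two replicas.
def is_manager(attrs):
    return attrs.get("title") == "manager"

INCLUDED = ["cn=alice,o=acme"]
UP = Replica({"cn=alice,o=acme": {"title": "manager"},
              "cn=bob,o=acme": {"title": "clerk"}})
DOWN = Replica({"cn=carol,o=acme": {"title": "clerk"}}, reachable=False)

if __name__ == "__main__":
    print(list_members(INCLUDED, [UP, DOWN], is_manager, allow_duplicates=True))
    for flag in (False, True):
        print(flag, is_member("cn=carol,o=acme", INCLUDED, [UP, DOWN], is_manager, flag))
```

In the sample, carol's title is clerk, yet with Allow Unknowns checked she is treated as a member for as long as her replica cannot be reached; any rights assigned to the dynamic group would follow that result.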

A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.