Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Universal CMDB11.0

Use > Hardening > Universal CMDB Login Authentication > Example: How to Configure Dynamic LDAP Groups

Example: How to Configure Dynamic LDAP Groups

Starting with version 10.32, support for dynamic groups is available. This example shows how to configure dynamic LDAP groups in UCMDB server.

In the LDAP server we have created a user with the ID common_user.

Next we add a dynamic group containing this user:

This group is in the same organization unit OU:Groups with our previous non-root groups.

We add this group to the root group members.

We have the LDAP server configuration previously set.

In SunONE the dynamic groups have the group class different from the static groups: groupOfURLs.

So first we must update the Group Base Filter attribute. In this case the new value will be:

(|(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs))

If our root group is dynamic we must also update the root group filter to contain the: (objectclass=groupOfURLs)

To configure the dynamic groups, use the following JMX Method:

Parameter Name	Parameter description and how to configure the parameter
ldapHost	The host name of an already configured LDAP server. In our case HM: myvm.mylabs.adapps.mydomain.com
dynamicGroupsClass	The class from which the groups inherit. In SunONE a static group inherits from the groupOfUniqueNames object class, so in our case it is: groupOfUniqueNames
dynamicGroupsDescAttribute	Defines the description of the dynamic groups. In our case it is the same as for static groups: desc
dynamicGroupsDisplayNameAttribute	Defines the display name of the dynamic groups. We have: cn
dynamicGroupsMemberAttribute	The group members are found using this attribute. For dynamic groups our value is: memberURL
dynamicGroupsNameAttribute	Defines the dynamic group name. We have the same value as for the static groups: cn

Now you have successfully configured the dynamic groups.

In case you want to enable/disable the dynamic group configurations for an LDAP server, you need invoke the useDynamicGroups JMX method by filling the host name and set the isEnabled flag to true/false.

Test if it works:

Now that you have dynamic groups enabled, you can map the dynamic groups to UCMDB groups.

If you authenticate with an LDAP user that is a member of a dynamic group and that group was mapped to a UCMDB group, the user created in UCMDB should now be a member of the mapped UCMDB group.

For example:

We map the LDAP group Dynamic to the UCMDB groups we want. We mapped it to a group named Admin with the admin and superadmin roles.

We have our user common_user. With the dynamic groups disabled, we authenticate with the common_user. Because the user cannot be found in the Dynamic group, he/she will be mapped to the default UCMDB group configured in the LDAP setting. In our case UCMDBGroup:

Now we enable dynamic groups. If the settings are right and we authenticate again with the common_user, now we will be mapped to the mapped UCMDB group (Admin):

Send Help Center feedback