Advanced Authentication shows a name from the first, non-empty specified field for an entered group name.
For Active Directory, the default attribute is sAMAccountName. For other repositories, cn is the default attribute.
Advanced Authentication supports the RFC 2037 and RFC 2037 bis. RFC 2037 determines a standard LDAP schema and contains a memberUid attribute (POSIX style). RFC 2037 bis determines an updated LDAP schema and contains a member attribute. Active Directory, LDS, and eDir support RFC 2037 bis. OpenLDAP contains posixAccount and posixGroup that follows RFC 2037.
Advanced Authentication supports the following attributes for the Group Name attributes:
Attribute |
Default Value |
Value for the Repository |
---|---|---|
User Object Class |
user |
OpenDJ and OpenLDAP: person |
Group Object Class |
group |
OpenDJ: groupOfNames OpenLDAP: posixGroup |
Group Member Attribute |
member |
OpenDJ: member OpenLDAP: memberUid. If a required group contains groupOfNames class, disable POSIX style groups. If the group contains posixGroup, enable POSIX style groups.
|
Object ID Attribute |
entryUUID |
This attribute is available only for other LDAP type only. |
NOTE:For information about the Logon filter settings (Legacy logon tag and MFA logon tag), see Configuring Logon Filter.