Group Attributes in Classic Delinea Zones
A group extension object is a serviceConnectionPoint object that is created in
the Groups sub-container of the zone. The pseudoattributes for this object are
stored in the keywords attribute.
| Group attribute | Stored in Active Directory attribute |
|---|---|
UnixName
|
name:GroupName For SCP objects, the Name attribute is the same as the CN attribute. Either attribute can be set, but attribute use should be consistent with other objects. For example: name:performx |
GroupVersion
|
displayName:GroupVersion This attribute determines compatibility between a group profile object and the Access manager console. The only valid value for this attribute is \$CimsGroupVersion3. For example: displayName:\$CimsGroupVersion3 |
ParentLink
|
managedBy:DN_ActiveDirectoryGroup If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory group object. For example: managedBy: cn=interns,cn=users,dc=ice,dc=net If the zone does not need to be compatible with older versions of Delinea software, you can use the keywords attribute and parentLink pseudoattribute to specify the security identifier (SID) of the parent Active Directory group object. For example: keywords:parentLink:S-n-n-nn-nnn.. |
Gid
|
gid:value For example: keywords:gid:458 |
UnixEnabled
|
This attribute is only applicable in classic 4.x zones. |
ForeignForest
|
Not supported in 3.x or 4.x. |
