- How LDAP Group Extraction Works from the User Object Directly
- How LDAP Group Extraction Works from the Group Object Indirectly
- LDAP Authorization Group Attribute Fields
- To configure LDAP authorization
- Configuring LDAP Nested Group Extraction
LDAP servers that evaluate group memberships from group objects work with NetScaler Gateway authorization.
Some LDAP servers enable user objects to contain information about groups to which the objects belong, such as Active Directory (by using the memberOf attribute) or IBM eDirectory (by using the groupMembership attribute). A user’s group membership can be attributes from the user object, such as IBM Directory Server (by using ibm-allGroups) or Sun ONE directory server (by using nsRole). Both of these types of LDAP servers work with NetScaler Gateway group extraction.
For example, in IBM Directory Server, all group memberships, including the static, dynamic, and nested groups, can be returned through the use of the ibm-allGroups attribute. In Sun ONE, all roles, including managed, filtered, and nested, are calculated through the use of the nsRole attribute.