Group attributes in classic RFC 2307 zones
There are two object classes for the group extension object created in the Groups sub-container of the zone: the serviceConnectionPoint object class and the posixAccount object class.
| Group attribute | Stored in Active Directory attribute |
| --- | --- |
| UnixName | cn:GroupName. For example: cn:performx |
| GroupVersion | displayName:GroupVersion. This attribute determines compatibility between a group profile object and the Access manager console. The only valid value for this attribute is $CimsGroupVersion3. For example: displayName:$CimsGroupVersion3 |
| Gid | gidNumber:value. For example: gidNumber:458 |
| ParentLink | managedBy:DN_ActiveDirectoryGroup. If the zone is a 2.x and 3.x compatible zone, you should set this attribute to the DN of the parent Active Directory group object. For example: managedBy:cn=interns,cn=users,dc=ice,dc=net. If the zone does not need to be compatible with older versions of Centrify software, you can use the keywords attribute and parentLink pseudo-attribute to specify the security identifier (SID) of the parent Active Directory group object. For example: keywords:parentLink:S-n-n-nn-nnn.. |
| UnixEnabled | keywords:unix_enabled:value. For example: keywords:unix_enabled:True |
| ForeignForest | keywords:foreign:value. This attribute indicates whether a group in a zone is from an external forest. For example: keywords:foreign:False |
Note: The posixGroup group membership attributes are not set. Centrify uses the normal Active Directory mechanism for determining group membership.
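The following is an added example, not Centrify code: a small Python function that maps the Active Directory attributes listed in the table back to group profile fields, which is useful when auditing exported zone objects. It assumes each entry arrives as a dictionary of attribute name to list of string values and that each keywords value has the form name:value; the function name, the findings list and the sample entry are constructed for illustration.

```python
GROUP_VERSION = "$CimsGroupVersion3"  # the only valid GroupVersion value per the table

def parse_group_profile(attrs):
    """Map AD attributes (assumed shape: name -> list of strings) to profile fields."""
    def first(name):
        values = attrs.get(name) or []
        return values[0] if values else None

    # Assumption: each keywords value is "name:value"; split on the first colon only.
    keywords = {}
    for item in attrs.get("keywords", []):
        name, sep, value = item.partition(":")
        if sep:
            keywords[name] = value

    def flag(name):
        value = keywords.get(name)
        return None if value is None else value.strip().lower() == "true"

    # ParentLink: a DN in managedBy (2.x/3.x compatible zones) or a SID in keywords.
    if first("managedBy"):
        parent = ("dn", first("managedBy"))
    elif "parentLink" in keywords:
        parent = ("sid", keywords["parentLink"])
    else:
        parent = (None, None)

    gid = first("gidNumber")
    findings = []
    if first("displayName") != GROUP_VERSION:
        findings.append("displayName is not " + GROUP_VERSION)
    if gid is None or not gid.isdigit():
        findings.append("gidNumber missing or not numeric")

    return {
        "UnixName": first("cn"),
        "Gid": int(gid) if gid and gid.isdigit() else None,
        "ParentLink": parent,
        "UnixEnabled": flag("unix_enabled"),
        "ForeignForest": flag("foreign"),
        "findings": findings,
    }

# Constructed sample entry built from the example values in the table above.
SAMPLE = {
    "cn": ["performx"], "displayName": ["$CimsGroupVersion3"], "gidNumber": ["458"],
    "managedBy": ["cn=interns,cn=users,dc=ice,dc=net"],
    "keywords": ["unix_enabled:True", "foreign:False"],
}
```

Calling parse_group_profile(SAMPLE) returns the profile fields with an empty findings list; an entry with a different displayName value or a non-numeric gidNumber is reported in findings.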