Saturday, March 5, 2011

Importing Groups into TAMeb using pdadmin

A group must be ‘imported’ before it can be used to secure access to web applications protected by TAMeb.  ‘Imported’ is in quotation marks because nothing is copied onto a TAMeb server: TAMeb creates its own object in the directory service that shadows the existing directory group object, and the group itself stays where it was.  The shadow object does not exist on any TAMeb server.
The naming standard for groups used to secure applications with TAMeb should not include spaces, for example
Web_<application relevant name>[_permission]
Use the “_” character as the separator; the standard does not permit spaces.  pdadmin itself will accept a group name containing spaces if the name is double quoted, but importing such a group will play havoc with some applications.  The space character, “ ”, is converted to “%20” when the group name is passed in HTTP headers, and inadequately designed applications cannot handle the encoded value gracefully and will fail on authorization.
A list of groups already imported into TAMeb can be obtained with the command syntax
pdadmin sec_master> group list <pattern or *> <number to be returned>
Example:
pdadmin sec_master> group list Web_* 20
Using pdadmin, a group object can be imported using the following syntax, where <group-name> is the name TAMeb will use for the group (normally the same as the directory cn) and <dn> is the distinguished name of the existing directory group:
pdadmin sec_master> group import <group-name> <dn>
For example, enter the following on one line for a hypothetical group:
pdadmin sec_master> group import Web_AccessGrp cn=Web_AccessGrp,ou=Groups,dc=company,dc=com
To confirm that the import succeeded and display the TAMeb attributes of the group, enter
pdadmin sec_master> group show Web_AccessGrp
To list the members of a group that has been imported into TAMeb, enter
pdadmin sec_master> group show-members Web_AccessGrp
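The steps above are easy to get wrong when dozens of groups are imported at once, and a group with a space in its name only causes trouble later, at authorization time.  The following script is an added example, not part of the original post: it checks each candidate DN against the Web_<name>[_permission] standard and emits the pdadmin group import, group show and group show-members lines only for the DNs that pass, reporting the rest on stderr.  The DNs, the ou=Groups container and the dc=company,dc=com suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate group DNs against
# the Web_<name>[_permission] naming standard and generate the pdadmin
# commands for the conforming ones.  All DNs below are constructed.

# First RDN value of a DN: "cn=Web_AccessGrp,ou=Groups,..." -> Web_AccessGrp
group_cn() {
    printf '%s\n' "$1" | sed -n 's/^[cC][nN]=\([^,]*\).*/\1/p'
}

# Succeeds (exit 0) only if the name follows the standard: Web_ prefix,
# then letters, digits and underscores.  Spaces are rejected because they
# become %20 once the name travels in an HTTP header.
valid_group_name() {
    printf '%s\n' "$1" | grep -Eq '^Web_[A-Za-z0-9_]+$'
}

# Print "group import <cn> <dn>" for one DN, using the cn as the TAMeb
# group name.  Fails and reports on stderr if the cn is missing or
# violates the standard, so nothing is emitted for it.
import_cmd() {
    dn=$1
    cn=$(group_cn "$dn")
    if [ -z "$cn" ]; then
        echo "skip: no cn RDN in '$dn'" >&2
        return 1
    fi
    if ! valid_group_name "$cn"; then
        echo "skip: '$cn' violates naming standard Web_<name>[_permission] (no spaces)" >&2
        return 1
    fi
    printf 'group import %s %s\n' "$cn" "$dn"
}

# Read DNs one per line on stdin and build a pdadmin batch: each accepted
# import is followed by the show and show-members checks from the post.
gen_batch() {
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        cn=$(group_cn "$dn")
        if import_cmd "$dn"; then
            printf 'group show %s\n' "$cn"
            printf 'group show-members %s\n' "$cn"
        fi
    done
}

# Constructed sample input: two conforming groups and one containing spaces.
sample_dns='cn=Web_AccessGrp,ou=Groups,dc=company,dc=com
cn=Web_Payroll_Admin,ou=Groups,dc=company,dc=com
cn=Web Access Grp,ou=Groups,dc=company,dc=com'

# Emit the batch on stdout; the rejected DN is reported on stderr only.
printf '%s\n' "$sample_dns" | gen_batch
```

Redirect the output to a file and feed it to pdadmin in batch mode (pdadmin -a sec_master -p <password> < groups.pdadmin), or paste the lines at the pdadmin sec_master> prompt.  Running the generated commands naturally requires a TAMeb installation; the script itself only needs sh, sed and grep.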