Managing Users and Groups

This topic describes how you can use (Java) to programmatically assign, remove, and query domains, users, and groups.

Note: When configuring a domain, you must set the unique identifier for groups and users. The attribute you choose must be unique within the LDAP environment and must also be immutable: its value must not change within the directory. The attribute must also be of a simple string data type (the only exception currently allowed is "objectsid" for Active Directory 2000/2003, which is a binary value). The Novell eDirectory attribute "GUID", for example, is not a simple string data type and therefore will not work.
  • For Active Directory, use "objectsid".

  • For SunOne, use "nsuniqueid".

Note: Creating multiple local users and groups while an LDAP directory synchronization is in progress is not supported. Attempting this process may result in errors.
