282Note: The procedures in this chapter should be attempted only byexperienced users.In This ChapterReturning User Group Information ........................................................282Setting the Registry to Permit Write Operations to the Schema ...........283Creating a New Attribute .......................................................................283Adding Attributes to the Class ...............................................................284Updating the Schema Cache.................................................................286Editing rciusergroup Attributes for User Members ................................286Returning User Group InformationUse the information in this section to return User Group information (andassist with authorization) once authentication is successful.From LDAP/LDAPSWhen an LDAP/LDAPS authentication is successful, the KX IIdetermines the permissions for a given user based on the permissions ofthe user's group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP/LDAPS server.Consult your authentication server administrator to enable this attribute.In addition, for Microsoft® Active Directory®, the standard LDAPmemberOf is used.From Microsoft Active DirectoryNote: This should be attempted only by an experienced Active Directory®administrator.Returning user group information from Microsoft's® Active Directory forWindows 2000® operating system server requires updating theLDAP/LDAPS schema. See your Microsoft documentation for details.1. Install the schema plug-in for Active Directory. See Microsoft ActiveDirectory documentation for instructions.2. Run Active Directory Console and select Active Directory Schema.Appendix B Updating the LDAP Schema