193Note: The procedures in this chapter should be attempted only byexperienced users.In This ChapterReturning User Group Information ........................................................193Setting the Registry to Permit Write Operations to the Schema ...........194Creating a New Attribute .......................................................................194Adding Attributes to the Class ...............................................................195Updating the Schema Cache.................................................................197Editing rciusergroup Attributes for User Members ................................197Returning User Group InformationUse the information in this section to return User Group information (andassist with authorization) once authentication is successful.From LDAPWhen an LDAP/LDAPS authentication is successful, the KX II-101-V2determines the permissions for a given user based on the permissions ofthe user's group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP/LDAPS server.Consult your authentication server administrator to enable this attribute.From Microsoft Active DirectoryNote: This should be attempted only by an experienced Active Directory®administrator.Returning user group information from Microsoft's® Active Directory forWindows 2000® operating system server requires updating theLDAP/LDAPS schema. See your Microsoft documentation for details.1. Install the schema plug-in for Active Directory. See Microsoft ActiveDirectory documentation for instructions.2. Run Active Directory Console and select Active Directory Schema.Appendix B Updating the LDAP Schema
