260Note: The procedures in this chapter should be attempted only byexperienced users.In This ChapterReturning User Group Information........................................................ 260Setting the Registry to Permit Write Operations to the Schema .......... 261Creating a New Attribute....................................................................... 261Adding Attributes to the Class .............................................................. 262Updating the Schema Cache................................................................ 264Editing rciusergroup Attributes for User Members................................ 264Returning User Group InformationUse the information in this section to return User Group information (andassist with authorization) once authentication is successful.From LDAPWhen an LDAP/LDAPS authentication is successful, the Dominion KX IIdetermines the permissions for a given user based on the permissions ofthe user's group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP/LDAPS server.Consult your authentication server administrator to enable this attribute.From Microsoft Active DirectoryNote: This should be attempted only by an experienced Active Directoryadministrator.Returning user group information from Microsoft's Active Directory forWindows 2000 Server requires updating the LDAP/LDAPS schema. Seeyour Microsoft documentation for details.1. Install the schema plug-in for Active Directory. See Microsoft ActiveDirectory documentation for instructions.2. Run Active Directory Console and select Active Directory Schema.Appendix B Updating the LDAP Schema