283Note: The procedures in this chapter should be attempted only byexperienced users.In This ChapterReturning User Group Information ........................................................283Setting the Registry to Permit Write Operations to the Schema ...........284Creating a New Attribute .......................................................................284Adding Attributes to the Class ...............................................................285Updating the Schema Cache.................................................................287Editing rciusergroup Attributes for User Members ................................287Returning User Group InformationUse the information in this section to return User Group information (andassist with authorization) once authentication is successful.From LDAPWhen an LDAP/LDAPS authentication is successful, the Dominion KX IIdetermines the permissions for a given user based on the permissions ofthe user's group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP/LDAPS server.Consult your authentication server administrator to enable this attribute.From Microsoft Active DirectoryNote: This should be attempted only by an experienced Active Directory®administrator.Returning user group information from Microsoft's® Active Directory forWindows 2000® server requires updating the LDAP/LDAPS schema. Seeyour Microsoft documentation for details.1. Install the schema plug-in for Active Directory. See Microsoft ActiveDirectory documentation for instructions.2. Run Active Directory Console and select Active Directory Schema.Appendix B Updating the LDAP Schema