330Note: The procedures in this chapter should be attempted only byexperienced users.In This ChapterReturning User Group Information ........................................................330Setting the Registry to Permit Write Operations to the Schema ...........331Creating a New Attribute .......................................................................331Adding Attributes to the Class ...............................................................332Updating the Schema Cache.................................................................334Editing rciusergroup Attributes for User Members ................................334Returning User Group InformationUse the information in this section to return User Group information (andassist with authorization) once authentication is successful.From LDAP/LDAPSWhen an LDAP/LDAPS authentication is successful, the KX IIdetermines the permissions for a given user based on the permissions ofthe user's group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP/LDAPS server.Consult your authentication server administrator to enable this attribute.In addition, for Microsoft® Active Directory®, the standard LDAPmemberOf is used.From Microsoft Active DirectoryNote: This should be attempted only by an experienced Active Directory®administrator.Returning user group information from Microsoft's® Active Directory forWindows 2000® operating system server requires updating theLDAP/LDAPS schema. See your Microsoft documentation for details.1. Install the schema plug-in for Active Directory. See Microsoft ActiveDirectory documentation for instructions.2. Run Active Directory Console and select Active Directory Schema.Appendix D Updating the LDAP Schema