Announcement Announcement Module
No announcement yet.
add group within group Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • add group within group

    Hi all,

    Could you help me on how I can create a group hierarchy. By referring to the person example I could create groups inside ou=groups. For example I could create cn=grp1,ou=groups.

    My question is is it possible to add another group inside cn=grp1? For example the new group may be cn=grp2,cn=grp1,ou=groups.

    I am looking forward for your suggestion.


  • #2
    It's probably legal to create a new group entry beneath an existing group. The semantics of that is however a completely different question (i.e. what does it mean that a group is nested beneath another one). It all depends on how that data is interpreted by the application that's using it.


    • #3
      Thanks for your response.

      I get the following error if I try to add a group in an existing group:
      javax.naming.InvalidNameException: cn=junitTestGroup, cn=junitTestGroup, ou=groups, o=DEMOCORP, c=AU: [LDAP: error code 64 - Naming Violation]; remaining name 'cn=junitTestGroup, cn=junitTestGroup, ou=groups, o=DEMOCORP, c=AU'
      During my test the group "cn=junitTestGroup, ou=groups, o=DEMOCORP, c=AU" exists. I want to add "cn=junitTestGroup" group in the existing group.

      Relevent part of my code:
      	private DistinguishedName buildDn() {
      		DistinguishedName dn = new DistinguishedName();
      		dn.add("c", "AU");
      		dn.add("o", "DEMOCORP");
      		dn.add("ou", "groups");
      		dn.add("cn", "junitTestGroup");
      		dn.add("cn", "junitTestGroup");
      		return dn;
          private DirContextOperations setAttributes(DirContextOperations adapter) {
              adapter.setAttributeValues("objectclass", new String[] { "top",
                      "groupOfUniqueNames" });
              adapter.setAttributeValue("cn", "junitTestGroup");
              if (group.getMembers() != null && group.getMembers().size() > 0) {
                  adapter.setAttributeValues("uniqueMember", group.getMembers()
                          .toArray(new String[0]));
              return adapter;
      I even tried adding "organizationalUnit" objectclass in the setAttributes method but got the following error when creating the first (parent) group.
      Code: [LDAP: error code 21 - Invalid Attribute Syntax]; remaining name 'ou=junitTestGroup, ou=groups, o=DEMOCORP, c=AU'


      • #4
        I seem to be able to add group within group after using 'organizationalUnit' (let me know if there is a better way). I am not sure why I was getting error before.