This topic has 3 replies, 3 voices, and was last updated 4 years, 11 months ago by dti.

  • Author
  • #18107


    I’m currently evaluating the OpenDJ 3 an got stuck at some Issue redargind this Version. It seems that the OpenDJ 3 is not usable with many groups and users, since there is a bug regarding “CompactDN” with “isMemberOf” searches. Details in the JIRA
    I tried to use a resetPasswort-Policy based on a group membership with the subtreespecification “isMemberOf”. Is there any other possibility to give a user a privilege? There seems to be a way using a virtuell attribute based on a group membership, but it looks like in the end it would also resolved by the isMemberOf specification. Is there any way to workaround this issue? Or is there a bug-fix for the OpenDJ 3?




    If you have a support contract, you can ask for a patch.
    Otherwise you can download 3.5+ releases from backstage, but only for evaluation purposes – not for production.




    There are other ways to assign a privilege to a user. One is to directly set the ds-privilege-name attribute in the user entry.
    This works for a few users, but is less dynamic than associating it with a group.

    Kind regards,


    Hi Ludo,

    Thanks for this answer. Thats right and that was one of my approaches. Any other ideas?

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?