Softerra LDAP Administrator Help

Group and Member Settings

The Group and Member Settings can be adjusted on a subsystem level via a corresponding property page. These settings determine how and where the application locates groups and members. The standard LDAP Administrator package is pre-configured with a basic set of well-known group and member object classes so that it operates successfully on most directory servers. However, if you have to deal with one or more custom object classes used to hold information on groups or members, and you want the application to recognize them accordingly, use the Group and Member Settings property page to register these custom object classes.

If the DIT is fairly complex or large, or if you wish to optimize performance, it is recommended that you review and tweak the default configuration before using the Groups and Members subsystem in your working environment. A manually adjusted configuration can significantly improve performance when searching for groups and members, as well as reduce the chance of unwanted directory server load.

To launch the Group and Member Settings property page, click the Configure Settings link on any of the Group and Member wizard or property tabs.

The Group and Member settings include:

Group and Member Recognition Settings

The Group and Member recognition settings represent a list of object classes which contain information on dynamic groups, static groups (groups) and members. The application uses these settings to query the directory server for groups/members, to analyze the information received, to link members, static and dynamic groups with each other and to display results of the above actions. Here is what group or member recognition information consists of:

  • Object Class. The name of an object class which holds group or member information.

  • Icon. An icon associated with the object class.

  • Name Attribute. An attribute which holds a value used to display the group or member name.

  • Member-of Attribute. An attribute which holds references to groups this member belongs to.

  • Membership Attribute. An attribute which holds member references within a group.

  • Dynamic Membership Attribute. An attribute which holds LDAP search expressions for evaluating dynamic members of a dynamic group.

  • Excluded Member Attribute. An attribute that is used to exclude entries from being a dynamic member of a dynamic group.

Use either the Member Search, Group Search or Dynamic Group Search property page to add new, edit, remove or reorder member, group or dynamic group recognition settings respectively. It's recommended you move your preferred object classes to the top because the application uses them for recognition in the order they are displayed in the list.

Now, to add a new object class, click the Add button. To edit parameters of an existing object class, select one and click Edit. To remove an object class, select one and click Remove.

Group and Member Search Settings

The Group and Member Search settings specify a 'range' in your directory where the application should search for groups and members. By default, the group and member search is performed throughout the entire DIT and every single group and member is included in the result. However, if you'd like to narrow the search down to one or more specific directory locations, you can do so by manually editing the search settings via the Member Search Settings, Group Search Settings or Dynamic Group Search Settings buttons.

To specify one or more search branches, select the Search in branches radio button and then click Add to specify a new search branch. To edit an existing branch, select one and click Edit. To remove an existing branch, select one and click Remove. An empty list of branches is equal to selecting the Search the entire tree option.

Here is what each search branch specification item consists of:

  • Branch DN. A DN to search down from.

  • Search Filter. A filter used to search for groups and members throughout the branch.

  • Search Scope. A scope of the search. Use One level to search within a single level of Branch DN sub-entries, and Subtree to search all entries located under the Branch DN.

The Enable Paging option is recommended if your directory server limits the number of entries returned per search request. Such a restriction could be indicated by errors like 'Size Limit Exceeded' or 'Administrative Limit Exceeded'. For more information on paging, please consult the Paging Overview section.

In case you'd like the application to handle referrals to other servers during search, check the Handle Referrals option.

Advanced Group and Member Settings

Some LDAP servers, like Active Directory, update referential integrity between groups and members automatically every time you renew your list of group members. In other words, these servers make sure that there is a cross link between a group and a member. However, it's possible that your server does not support automatic updates of cross references. So, in case you still want cross links to be automatically updated on a server that does not support referential integrity, you should check the Ensure referential integrity box.

In small-sized directories, where numbers of members/groups are relatively low (making it possible to fit them all in a page inside the wizard), it is recommended that you consider using the Automatically Fetch All Available Objects option. It enables background retrieval and listing of all available members/groups 'on the fly' while changing group membership of some object at the same time, without having to explicitly press the Search button to start or resume fetching. So, having the Automatically Fetch All Available Objects option in the Member Settings checked means that the retrieval will include all the members/groups available under a current profile and will start automatically upon launching the wizard.

A POSIX group allows the uid attribute to be used instead of the distinguished name to specify members of a group. So, if you want to use uid instead of DN as a membership value, you should check the POSIX group support box.
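The cross links that the Ensure referential integrity option maintains, and the uid-valued membership that POSIX group support enables, can be audited from an export of the directory, since a stale link means the group view and the member view disagree about who has access. The following Python code is an added example, not part of LDAP Administrator; the attribute and object class names (member, memberUid, memberOf, groupOfNames, posixGroup) and the sample entries are assumptions constructed for illustration.

```python
# Constructed sample entries (DN -> attributes); not taken from any real server.
DIRECTORY = {
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com",
                   "uid=gone,ou=people,dc=example,dc=com"]},   # entry no longer exists
    "cn=staff,ou=groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"],
        "memberUid": ["alice", "bob"]},                        # uid values, not DNs
    "uid=alice,ou=people,dc=example,dc=com": {
        "uid": ["alice"],
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=com",
                     "cn=staff,ou=groups,dc=example,dc=com"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "uid": ["bob"],
        "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"]},  # admins does not list bob
}

# Assumed recognition settings: object class -> (membership attribute, values are uids)
GROUP_CLASSES = {"groupofnames": ("member", False), "posixgroup": ("memberUid", True)}
MEMBER_OF_ATTR = "memberOf"

def norm(dn):
    # Simplified DN normalisation: case and spacing only, no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(directory):
    """Return sorted (finding, group DN, member) tuples for broken cross links."""
    entries = {norm(dn): attrs for dn, attrs in directory.items()}
    by_uid = {u.lower(): dn for dn, a in entries.items() for u in a.get("uid", [])}
    forward, findings = set(), []
    for gdn, attrs in entries.items():
        for oc in attrs.get("objectClass", []):
            if oc.lower() not in GROUP_CLASSES:
                continue
            attr, is_uid = GROUP_CLASSES[oc.lower()]
            for value in attrs.get(attr, []):
                # POSIX groups reference members by uid; resolve it to a DN first.
                mdn = by_uid.get(value.lower()) if is_uid else norm(value)
                if mdn in entries:
                    forward.add((gdn, mdn))
                else:
                    findings.append(("dangling-member", gdn, value))
    backward = {(norm(g), mdn) for mdn, a in entries.items()
                for g in a.get(MEMBER_OF_ATTR, [])}
    findings += [("missing-member-of", g, m) for g, m in forward - backward]
    findings += [("missing-membership", g, m) for g, m in backward - forward]
    return sorted(findings)
```
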

Group and Member settings are server specific and bound to the server's host and port, so any two different profiles will share the same configuration settings for groups and members if they point to the same host and port.
