Karan,
Afaria 7.0 uses the attribute specified on the Server > Configuration > Server \ Security page of the Afaria Administrator when authenticating a user. A query is made against LDAP for an object that matches the value entered by the end-user as their user name. Once we've confirmed that the user is proper, that value is stored in the device record in the database as the AssignmentsUserName.
When user group assignments are handled we query the LDAP server using the AssignmentsUserName and request a list of every group to which that user object is a member. We then check the Distinguished Name for each group against our list of user group definitions to see if that user is a member.
So an LDAP group based on multi-valued attributes is not likely to have any affect on this process one way or the other. We're merely comparing the DN of the groups to which the user is a member against the DNs of the LDAP groups stored when the user group was created. The attributes used to form those groups isn't considered.
Note that Active Directory in SP5 has a different behaviour than LDAP but SP4 and earlier are the same as above.
Hope that helps. If I misunderstood the question, please clarify and we'll be happy to refine the details you need.
Thanks,
Keith Nunn
SAP Active Global Support
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.