Using Roles
• Managed roles — A managed role allows you to create an explicit
enumerated list of members.
• Filtered roles — A filtered role allows you to assign entries to the role
depending upon the attribute contained by each entry. You do this by
specifying an LDAP filter. Entries that match the filter are said to possess the
role.
• Nested roles — A nested role allows you to create roles that contain other
roles.
For more information about how roles work, refer to the Red Hat Directory Server
Deployment Guide.
The concept of activating/inactivating roles is introduced to enable you to
activate/inactivate groups of entries in just one operation. That is, you can
temporarily disable the members of a role by inactivating the role to which they
belong.
When a role is said to be inactivated, it does not mean that you cannot bind to the
server using that role entry. The meaning of an inactivated role is that you cannot
bind to the server using any of the entries that belong to that role—the entries that
belong to an inactivated role will have the nsaccountlock attribute set to true.
In the case of the nested role, an inactivated nested role means that you cannot
bind to the server using an entry that belongs to a role that is a member of the
nested role. All the entries that belong to a role that directly or indirectly are
members of the nested role (one may have several levels of nested roles) will have
nsaccountlock set to true.
Managing Roles Using the Console
This section contains the following procedures for creating and modifying roles:
• Creating a Managed Role
• Creating a Filtered Role
• Creating a Nested Role
• Viewing and Editing an Entry's Roles
• Modifying a Role Entry
• Making a Role Inactive
• Reactivating a Role
Red Hat Directory Server Administrator's Guide • May 2005
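The inactivation rules described under Using Roles, as an added example that is not part of the original guide and is not Directory Server code: a small Python model that computes which entries would have nsaccountlock set to true when a role is inactivated, including roles reached through several levels of nesting. The role names, the entries, the dictionary layout and the equality-only stand-in for an LDAP filter are constructed assumptions.

```python
# Constructed model of the role semantics; not Directory Server code.
ROLES = {
    "cn=Contractors": {"kind": "managed", "members": ["uid=bob"]},
    # Filtered role: stands in for the LDAP filter (ou=sales); equality only.
    "cn=Sales": {"kind": "filtered", "attr": "ou", "value": "sales"},
    "cn=Partners": {"kind": "nested", "roles": ["cn=Sales"]},
    "cn=External": {"kind": "nested", "roles": ["cn=Contractors", "cn=Partners"]},
}
ENTRIES = {
    "uid=alice": {"ou": ["sales"]},
    "uid=bob": {"ou": ["eng"]},
    "uid=carol": {"ou": ["eng"]},
}


def direct_roles(entry_dn):
    """Managed and filtered roles that the entry possesses."""
    attrs = ENTRIES[entry_dn]
    found = set()
    for role_dn, role in ROLES.items():
        if role["kind"] == "managed" and entry_dn in role["members"]:
            found.add(role_dn)
        elif role["kind"] == "filtered" and role["value"] in attrs.get(role["attr"], []):
            found.add(role_dn)
    return found


def contained_roles(role_dn, seen=None):
    """The role itself plus every role nested in it, at any depth."""
    seen = set() if seen is None else seen
    if role_dn not in seen:  # guard against nesting loops
        seen.add(role_dn)
        for child in ROLES[role_dn].get("roles", []):
            contained_roles(child, seen)
    return seen


def locked_entries(inactivated):
    """Entries that would have nsaccountlock set to true.

    Role entries are not in the result: only their members are locked.
    """
    blocked = set()
    for role_dn in inactivated:
        contained_roles(role_dn, blocked)
    return sorted(dn for dn in ENTRIES if direct_roles(dn) & blocked)


if __name__ == "__main__":
    for roles in (["cn=Sales"], ["cn=Partners"], ["cn=External"]):
        print(roles, "->", locked_entries(roles))
```

Running the same calculation against an export of the real role definitions before inactivating a nested role shows how many accounts a single operation will stop from binding.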