Creating A Filtered Role; Creating A Nested Role - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Using Roles

Creating a Filtered Role

You assign entries to a filtered role depending upon a particular attribute
contained by each entry. You do this by specifying an LDAP filter. Entries that
match the filter are said to possess the role.
To create and add members to a filtered role:
Follow steps 1-5 of "Creating a Managed Role," on page 173.
1.
Click Members in the left pane.
2.
A search dialog box appears briefly.
In the right pane, select Filtered Role.
3.
Enter an LDAP filter in the text field, or click Construct to be guided through
4.
the construction of an LDAP filter.
If you click Construct, the standard LDAP URL construction dialog appears.
5.
Disregard the LDAP Server Host, Port, Base DN, and Search (as you cannot
specify a search scope for filtered role definitions) fields.
a.
b.
c.
Click Test to try your filter.
6.
A Filter Test Result dialog box displays the entries matching your filter.
Click OK.
7.
The new role appears in the right pane.

Creating a Nested Role

Nested roles allow you to create roles that contain other roles. Before you create a
nested role, another role must exist. When you create a nested role, the Console
displays a list of the roles available for nesting. The roles nested within the nested
role are specified using the
174 Red Hat Directory Server Administrator's Guide • May 2005
Select the types of entries you want to filter from the "For" drop-down
list.
You can choose between users, groups, or both.
Select an attribute from the "Where" drop-down list. The two fields
following it allow you to refine your search by selecting one of the
qualifiers from the drop-down list (such as contains, does not contain, is,
is not) and enter an attribute value in the text box. To add additional
filters, click More. To remove unnecessary filters, click Fewer.
Click OK to save your filter.
nsRoleDN
attribute.