Example: Filtered Role Definition - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Notice that the
nsManagedRoleDefinition
,
LDAPsubentry nsRoleDefinition
Assign the role to a marketing staff member named Bob by doing an
as follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
dn: cn=Bob,ou=people,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=Marketing,ou=people,dc=example,dc=com
The attribute present in the entry indicates that the entry is a member of
nsRoleDN
a managed role, the marketing managed role
cn=Marketing,ou=people,dc=example,dc=com

Example: Filtered Role Definition

You want to set up a filtered role for sales managers. Run the
follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
Specify the filtered role as follows:
dn: cn=SalesManagerFilter,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: SalesManagerFilter
nsRoleFilter: o=sales managers
Description: filtered role for sales managers
Notice that the
nsFilteredRoleDefinition
,
LDAPsubentry nsRoleDefinition
classes. The
nsRoleFilter
contain the value of
sales managers
The following entry matches the filter (possesses the
), and, therefore, it is a member of this filtered role:
sales managers
dn: cn=Pat,ou=people,dc=example,dc=com
objectclass: person
cn: Pat
sn: Pat
userPassword: bigsecret
o: sales managers
object class inherits from the
, and
nsSimpleRoleDefinition
object class inherits from the
, and
nsComplexRoleDefinition
attribute specifies the
.
object classes.
ldapmodify
.
ldapmodify
object
(organization) attributes that
o
attribute with the value
o
Chapter 5 Advanced Entry Management
Using Roles
script as
179