Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual page 137

ldapmodify -a -D "cn=Directory Manager" -w secret -h host -p 389
2. Create the managed role entry, containing the nsManagedRoleDefinition object class, which
in turn inherits from the LdapSubEntry, nsRoleDefinition, and nsSimpleRoleDefinition
object classes.
dn: cn=Marketing,ou=people,dc=example,dc=com
objectclass: top
objectclass: LdapSubEntry
objectclass: nsRoleDefinition
objectclass: nsSimpleRoleDefinition
objectclass: nsManagedRoleDefinition
cn: Marketing
description: managed role for marketing staff
3. Assign the role to a marketing staff member named Bob, using ldapmodify:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
dn: cn=Bob,ou=people,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=Marketing,ou=people,dc=example,dc=com
The nsRoleDN attribute in the entry indicates that the entry is a member of a managed role,
cn=Marketing,ou=people,dc=example,dc=com.
5.1.3.2. Example: Filtered Role Definition
Example Corporation's administrator is creating a filtered role for sales managers.
1. Run ldapmodify with the -a option to add a new entry:
ldapmodify -a -D "cn=Directory Manager" -w secret -h host -p 389
2. Create the filtered role entry.
The role entry has the nsFilteredRoleDefinition object class, which inherits from the
LdapSubEntry, nsRoleDefinition, and nsComplexRoleDefinition object classes.
The nsRoleFilter attribute sets a filter for o (organization) attributes that contain a value of
sales managers.
dn: cn=SalesManagerFilter,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: SalesManagerFilter
nsRoleFilter: o=sales managers
Description: filtered role for sales managers
Managing Roles Using the Command-Line
119