Grouping Directory Entries
• Filtered roles—A filtered role allows you to assign entries to the role
depending upon the attribute contained by each entry. You do this by
specifying an LDAP filter. Entries that match the filter are said to possess the
role.
• Nested roles—A nested role allows you to create roles that contain other roles.
You specify the roles nested within it using the nsRoleDN attribute.
Deciding Between Roles and Groups
Both methods of grouping entries have advantages and disadvantages. Roles
reduce client-side complexity at the cost of increased server complexity. With roles,
the client application can check role membership by searching the nsRole
attribute. From the client application point of view, the method for checking
membership is uniform and is performed on the server side.
Dynamic groups, from an application point of view, offer no support from the
server to provide a list of group members. Instead, the application retrieves the
group definitions and then runs the filter. For static groups, the application must
make sure the user is part of a particular UniqueMember attribute value. The
method for determining group membership is not uniform.
You can use managed roles to do everything you would normally do with static
groups. You can filter group members using filtered roles as you used to do with
dynamic groups.
While roles are easier to use, more flexible, and reduce client complexity, they do
so at the cost of increased server complexity. Determining role membership is more
resource intensive because the server does the work for the client application.
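The three membership checks compared above, written out from the client's side. This is an added example, not code from the guide: the entries are constructed sample data, the `memberURL` attribute name for dynamic groups does not appear on this page, and the filter handling is deliberately limited to a single equality test.

```python
import re
from urllib.parse import unquote

# Constructed sample entries, as a client would receive them from a search.
# Attribute names are lowercased. nsRole is computed by the server; it is
# pre-filled here to stand in for that computation.
USER = {"dn": "uid=alice,ou=people,dc=example,dc=com",
        "departmentnumber": ["42"],
        "nsrole": ["cn=sales,dc=example,dc=com"]}
STATIC_GROUP = {"dn": "cn=admins,ou=groups,dc=example,dc=com",
                "uniquemember": ["uid=bob,ou=people,dc=example,dc=com"]}
DYNAMIC_GROUP = {"dn": "cn=dept42,ou=groups,dc=example,dc=com",
                 "memberurl": ["ldap:///ou=people,dc=example,dc=com??sub?(departmentNumber=42)"]}

def norm(dn):
    """Simplified DN normalisation: lowercase, trim spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def has_role(user, role_dn):
    """Roles: one uniform check against the server-computed nsRole values."""
    return norm(role_dn) in {norm(v) for v in user.get("nsrole", [])}

def in_static_group(user, group):
    """Static group: compare the user's DN with each uniqueMember value."""
    return norm(user["dn"]) in {norm(v) for v in group.get("uniquemember", [])}

def in_dynamic_group(user, group):
    """Dynamic group: the client parses memberURL and runs the filter itself.
    Handles only subtree scope and one (attr=value) equality filter; anything
    else raises, so an unparsed filter never silently grants membership."""
    for url in group.get("memberurl", []):
        parts = [unquote(p) for p in url.split("///", 1)[1].split("?", 3)]
        if len(parts) != 4 or parts[2] != "sub":
            raise ValueError(f"unsupported memberURL: {url}")
        match = re.fullmatch(r"\((\w+)=([^()*]+)\)", parts[3])
        if not match:
            raise ValueError(f"unsupported filter: {parts[3]}")
        attr, value = match.group(1).lower(), match.group(2).lower()
        in_scope = norm(user["dn"]).endswith("," + norm(parts[0]))
        if in_scope and value in (v.lower() for v in user.get(attr, [])):
            return True
    return False

if __name__ == "__main__":
    print(has_role(USER, "cn=Sales, dc=example,dc=com"),
          in_static_group(USER, STATIC_GROUP),
          in_dynamic_group(USER, DYNAMIC_GROUP))
```

When group membership feeds an access decision, the dynamic-group path is where client implementations diverge, because each application evaluates the filter with its own logic.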
About Class of Service
A class of service (CoS) allows you to share attributes between entries in a way that
is invisible to applications. With CoS, some attribute values may not be stored with
the entry itself. Instead, they are generated by class of service logic as the entry is
sent to the client application.
For example, your directory contains thousands of entries that all share the
common attribute facsimileTelephoneNumber. Traditionally, to change the fax
number, you would need to update each entry individually, a large job for
administrators that runs the risk of not updating all entries. With CoS, you can
Netscape Directory Server Deployment Guide • December 2001