Example: Filtered Role Definition - Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual

Using Roles
Notice that the
LDAPsubentry
Assign the role to a marketing staff member named Bob by doing an
as follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
dn: cn=Bob,ou=people,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=Marketing,ou=people,dc=example,dc=com
The
nsRoleDN
a managed role, the marketing managed role
cn=Marketing,ou=people,dc=example,dc=com

Example: Filtered Role Definition

You want to set up a filtered role for sales managers. Run the
follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
Specify the filtered role as follows:
dn: cn=SalesManagerFilter,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: SalesManagerFilter
nsRoleFilter: o=sales managers
Description: filtered role for sales managers
Notice that the
LDAPsubentry
classes. The
contain the value of
The following entry matches the filter (possesses the
sales manager
dn: cn=Pat,ou=people,dc=example,dc=com
objectclass: person
cn: Pat
sn: Pat
userPassword: bigsecret
o: sales managers
170 Netscape Directory Server Administrator's Guide • May 2002
nsManagedRoleDefinition
,
nsRoleDefinition
attribute present in the entry indicates that the entry is a member of
nsFilteredRoleDefinition
,
nsRoleDefinition
attribute specifies the
nsRoleFilter
sales managers
) and therefore is a member of this filtered role:
object class inherits from the
and
nsSimpleRoleDefinition
.
object class inherits from the
, and
nsComplexRoleDefinition
(organization) attributes that
o
.
attribute with the value
o
object classes.
ldapmodify
script as
ldapmodify
object