Examples: Managed Role Definition; Table 5-1 Object Classses And Attributes For Roles - Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual

• Members of a filtered role are entries that match the filter specified in the
attribute.
nsRoleFilter
• Members of a nested role are members of the roles specified in the
attributes of the nested role definition entry.
Table 5-1 lists the new object classes and attributes associated with each type of
role.
Table 5-1 Object Classses and Attributes for Roles
Role Type Object Classes
Managed Role nsSimpleRoleDefinition
nsManagedRoleDefinition
Filtered Role nsComplexRoleDefinition
nsFilteredRoleDefinition
Nested Role nsComplexRoleDefinition
nsNestedRoleDefinition
NOTE In some cases you need to protect the value of the
attribute with an ACI, as the attribute is writable. For more
information about security and roles, refer to "Using Roles
Securely," on page 175.

Examples: Managed Role Definition

You want to create a role to be assigned to all marketing staff. Run the
script as follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
Specify the managed role as follows:
dn: cn=Marketing,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsSimpleRoleDefinition
objectclass: nsManagedRoleDefinition
cn: Marketing
description: managed role for marketing staff
Attributes
Description (optional)
nsRoleFilter
Description (optional)
nsRoleDN
Description (optional)
nsRoleDN
Chapter 5 Advanced Entry Management
Using Roles
nsRoleDN
ldapmodify
173