Grouping Directory Entries; About Roles - Netscape DIRECTORY SERVER 6.2 - DEPLOYMENT Deployment Manual

Grouping Directory Entries

Once you have created entries, you can group them for ease of administration.
The Directory Server supports several methods for grouping entries and
sharing attributes between entries:
• Using roles
• Using class of service
The following sections describe each of these mechanisms in more detail.

About Roles

Roles are a new entry grouping mechanism. Your directory tree organizes
information hierarchically. This hierarchy is a grouping mechanism, though it is
not suited for short-lived, changing organizations. Roles provide another grouping
mechanism for more temporary organizational structures.
Roles unify static and dynamic groups. You use static groups to create a group
entry that contains a list of members. Dynamic groups allow you to filter entries
that contain a particular attribute and include them in a single group.
Each entry assigned to a role contains the
that specifies all of the roles an entry belongs to. A client application can check role
membership by searching the
and therefore always up-to-date.
Roles are designed to be more efficient and easier to use for applications. For
example, applications can locate the roles of an entry, rather than select a group
and browse the members list.
You can use roles to do the following:
• Enumerate the members of the role.
Having an enumerated list of role members can be useful for resolving queries
for group members quickly.
• Determine whether a given entry possesses a particular role.
Knowing the roles possessed by an entry can help you determine whether the
entry possesses the target role.
• Enumerate all the roles possessed by a given entry.
• Assign a particular role to a given entry.
attribute, a computed attribute
nsRole
attribute, which is computed by the directory
nsRole
Chapter 4
Grouping Directory Entries
Designing the Directory Tree 71