Managing Roles Using The Command Line; Examples: Managed Role Definition; Table 5-1 Object Classses And Attributes For Roles - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

Managing Roles Using the Command Line

Roles inherit from the
X.509 standard. In addition, each type of role has two specific object classes that
inherits from the
nsRoleDefinition
assign members to it as follows:
• Members of a managed role have the
• Members of a filtered role are entries that match the filter specified in the
attribute.
nsRoleFilter
• Members of a nested role are members of the roles specified in the
attributes of the nested role definition entry.
Table 5-1 lists the new object classes and attributes associated with each type of
role.
Table 5-1 Object Classses and Attributes for Roles
Role Type Object Classes
Managed Role nsSimpleRoleDefinition
nsManagedRoleDefinition
Filtered Role nsComplexRoleDefinition
nsFilteredRoleDefinition
Nested Role nsComplexRoleDefinition
nsNestedRoleDefinition
NOTE In some cases you need to protect the value of the
attribute with an ACI, as the attribute is writable. For more
information about security and roles, refer to "Using Roles
Securely," on page 175.

Examples: Managed Role Definition

You want to create a role to be assigned to all marketing staff. Run the
script as follows:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
object class, which is defined in the ISO/IEC
ldapsubentry
object class. Once you create a role, you
nsRoleDN
attribute in their entry.
Attributes
Description (optional)
nsRoleFilter
Description (optional)
nsRoleDN
Description (optional)
nsRoleDN
Chapter 5 Advanced Entry Management
Using Roles
nsRoleDN
ldapmodify
173