Grouping Directory Entries
• Remove a particular role from a given entry.
Each role has members, entries that possess the role. You can specify members
either explicitly (meaning each entry contains an attribute associating it with a
role) or dynamically (by creating a filter that assigns entries to roles depending
upon an attribute contained by the entry). How you specify role membership
depends upon the type of role you are using. There are three types of roles:
• Managed roles — A managed role allows you to create an explicit
enumerated list of members. Managed roles are added to entries using the
nsRoleDN attribute.
• Filtered roles — A filtered role allows you to assign entries to the role
depending upon the attribute contained by each entry. You do this by
specifying an LDAP filter. Entries that match the filter are said to possess the
role.
• Nested roles — A nested role allows you to create roles that contain other
roles. You specify the roles nested within it using the nsRoleDN attribute.
Deciding Between Roles and Groups
Both methods of grouping entries have advantages and disadvantages. Roles
reduce client-side complexity at the cost of increased server complexity. With
roles, the client application can check role membership by searching the nsRole
attribute. From the client application point of view, the method for checking
membership is uniform and is performed on the server side.
Dynamic groups, from an application point of view, offer no support from the
server to provide a list of group members. Instead, the application retrieves the
group definitions and then runs the filter. For static groups, the application must
make sure the user is part of a particular UniqueMember attribute value. The
method for determining group membership is not uniform.
You can use managed roles to do everything you would normally do with static
groups. You can filter group members using filtered roles as you used to do with
dynamic groups.
While roles are easier to use, more flexible, and reduce client complexity, they do
so at the cost of increased server complexity. Determining role membership is
more resource intensive because the server does the work for the client
application.
Netscape Directory Server Deployment Guide • October 2004
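An added example, not from the guide: the three membership checks compared under "Deciding Between Roles and Groups", written as client-side Python over constructed entries. The dynamic-group attribute memberURL is not named on this page, and the DN normalization and filter handling are simplified assumptions.

```python
import re

def norm_dn(dn):
    """Simplified DN normalization: lowercase, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def has_role(entry, role_dn):
    """Roles: one uniform check against the server-computed nsRole values."""
    return norm_dn(role_dn) in {norm_dn(v) for v in entry.get("nsRole", [])}

def in_static_group(group, user_dn):
    """Static group: the user's DN must be one of the uniqueMember values."""
    members = {norm_dn(v) for v in group.get("uniqueMember", [])}
    return norm_dn(user_dn) in members

def in_dynamic_group(group, user_dn, user_entry):
    """Dynamic group: the client parses memberURL and runs the filter itself.
    Supports only scope 'sub' and equality terms joined by AND; anything
    else is rejected rather than guessed at."""
    for url in group.get("memberURL", []):
        base, _attrs, scope, flt = url.split("///", 1)[1].split("?", 3)
        if scope != "sub" or re.search(r"[|!*<>~]", flt):
            raise ValueError("unsupported memberURL: " + url)
        terms = re.findall(r"\(([^()=]+)=([^()]*)\)", flt)
        under_base = ("," + norm_dn(user_dn)).endswith("," + norm_dn(base))
        if under_base and terms and all(
                val.lower() in (v.lower() for v in user_entry.get(attr, []))
                for attr, val in terms):
            return True
    return False

# Constructed sample entries (attribute -> list of values), not real data.
ALICE_DN = "uid=alice,ou=People,dc=example,dc=com"
ALICE = {"departmentNumber": ["42"],
         "nsRole": ["cn=Admins,ou=People,dc=example,dc=com"]}
BOB_DN = "uid=bob,ou=People,dc=example,dc=com"
BOB = {"departmentNumber": ["7"]}
STATIC = {"uniqueMember": ["uid=Alice, ou=People, dc=example, dc=com"]}
DYNAMIC = {"memberURL":
           ["ldap:///ou=People,dc=example,dc=com??sub?(departmentNumber=42)"]}

if __name__ == "__main__":
    print(has_role(ALICE, "cn=admins,ou=people,dc=example,dc=com"))
    print(in_static_group(STATIC, ALICE_DN), in_static_group(STATIC, BOB_DN))
    print(in_dynamic_group(DYNAMIC, ALICE_DN, ALICE),
          in_dynamic_group(DYNAMIC, BOB_DN, BOB))
```

Comparing DNs without normalization makes the static-group check miss the differently spaced and cased value in the sample, which is the kind of inconsistency the uniform nsRole check avoids.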