Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 46


LDAP Group: Activates a role based on an LDAP Group attribute. Select either [Current] or browse to the DN of the group by selecting the Identity Server and User Store. The value for this option is the DN of the group. If you select [Current], the value can be a list of the groups the user belongs to. The [Current] value makes the DN of each group in the attribute into a role.

If you select to browse to the DN of the group and you have more than 250 groups in your tree, you are prompted to enter an LDAP query string. In the text box, you need to add only the <strFilter> value for the query. For example:

<strFilter> Value    Description
admin*               Returns all groups that begin with admin, such as adminPR, adminBG, and adminWTH.
*test                Returns all groups that end with test, such as doctest, softtest, and securtest.
*low*                Returns all groups that have "low" in the name, such as low, yellow, and clowns.

For more information about the <strFilter> parameter, see RFC 2254 "LDAP Search Filter."

This action does not query all the static and dynamic groups on the LDAP server to see if the user belongs to them, but uses the user's group membership attribute to create the list. If you want to use this longer query, you need to create a policy extension. For a sample extension that does this, see Novell Access Manager Developer Tools and Examples (http://developer.novell.com/wiki/index.php/Novell_Access_Manager_Developer_Tools_and_Examples).

LDAP OU: Activates a role based on the Organizational Unit in the user's DN. Select either [Current] or browse to the DN of the OU by selecting the Identity Server and User Store. The value for this option is the DN of the OU.

If you select to browse to the DN of the OU and you have more than 250 OUs defined in your tree, you are prompted to enter an LDAP query string. In the text box, you need to add only the <strFilter> value for the query. For example:

<strFilter> Value    Description
admin*               Returns all OUs that begin with admin, such as adminPR, adminBG, and adminWTH.
*test                Returns all OUs that end with test, such as doctest, softtest, and securtest.
*low*                Returns all OUs that have "low" in the name, such as low, yellow, and clowns.

For more information about the <strFilter> parameter, see RFC 2254 "LDAP Search Filter."

Liberty User Profile: If you have a Liberty attribute that is a role, select the attribute from the list.

Data Extension: If you have created a data extension that calculates a set of roles, select the extension. For information on creating such an extension, see Novell Access Manager Developer Tools and Examples (http://developer.novell.com/wiki/index.php/Novell_Access_Manager_Developer_Tools_and_Examples).
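The following is an added example, not code from the Novell documentation or product: a small Python model of which names a <strFilter> substring value selects, including the RFC 2254 \XX escapes needed when a group or OU name contains a character that is special in a filter. The function names, the three extra sample names, and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# RFC 2254 requires these characters to be written as \XX inside a value;
# a literal '*' is written \2a, so every bare '*' is a wildcard.
_MUST_ESCAPE = set("()\\\x00")
_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")

# Constructed sample: the names used as examples on this page plus three extras.
SAMPLE_NAMES = ["adminPR", "adminBG", "adminWTH", "doctest", "softtest",
                "securtest", "low", "yellow", "clowns",
                "sysadmin", "testers", "ops(emea)"]


def compile_strfilter(value):
    """Compile a <strFilter> substring value (e.g. 'admin*') to a regex.

    Raises ValueError on an unescaped '(', ')', NUL, or a backslash that
    does not start a two-digit hex escape.
    """
    parts = []
    for chunk in value.split("*"):
        pos, literal = 0, []
        while pos < len(chunk):
            esc = _HEX_ESCAPE.match(chunk, pos)
            if esc:                      # decode \28, \29, \2a, \5c, \00
                literal.append(chr(int(esc.group(1), 16)))
                pos = esc.end()
            elif chunk[pos] in _MUST_ESCAPE:
                raise ValueError(f"unescaped {chunk[pos]!r} in {value!r}")
            else:
                literal.append(chunk[pos])
                pos += 1
        parts.append(re.escape("".join(literal)))
    # Assumption: names compare case-insensitively, as cn and ou normally do.
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)


def matching_names(value, names=SAMPLE_NAMES):
    """Return the names this model selects for the given <strFilter> value."""
    pattern = compile_strfilter(value)
    return [name for name in names if pattern.fullmatch(name)]


if __name__ == "__main__":
    for value in ("admin*", "*test", "*low*", r"ops\28emea\29"):
        print(f"{value:16} -> {matching_names(value)}")
```

Note that `*low*` also selects clowns, so a contains-style value is worth reviewing against the full list of names before picking a DN from the results.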
