HP-UX Directory Server 8.1 administrator guide

NOTE:
The nsAccountLock attribute is an operational attribute and must be explicitly requested in
the search command in the list of search attributes. For example:
ldapsearch ... args ... "(uid=scarter)" \* nsAccountLock
The Console will automatically show the active or inactive status of entries.
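The following Python script is an added example, not part of the guide. It reads LDIF output from a search that requested nsAccountLock, as in the command above, and reports each entry as active or inactive. The sample entries (apart from the scarter uid) and the function names parse_ldif and account_status are constructed for illustration.

```python
import base64

# Constructed sample output of a search that requested "*" and nsAccountLock.
SAMPLE_LDIF = """\
dn: uid=scarter,ou=People,dc=example,dc=com
uid: scarter
nsAccountLock: true

dn: uid=tmorris,ou=People,dc=example,dc=com
uid: tmorris

dn: uid=long-contractor-id,ou=Contractors,ou=People,dc=exam
 ple,dc=com
nsAccountLock:: dHJ1ZQ==
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def account_status(entries):
    """Map DN -> 'inactive' when nsAccountLock is true, otherwise 'active'.

    'active' is only trustworthy if the search asked for nsAccountLock: the
    attribute is operational, so a search that omits it returns no value.
    """
    status = {}
    for entry in entries:
        if "dn" in entry:
            locked = any(v.lower() == "true" for v in entry.get("nsaccountlock", []))
            status[entry["dn"][0]] = "inactive" if locked else "active"
    return status

if __name__ == "__main__":
    for dn, state in account_status(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{state:8}  {dn}")
```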
5.1.2 Managing roles using the console
This section contains the following procedures for creating and modifying roles:
“Creating a managed role”
“Creating a filtered role”
“Creating a nested role”
“Viewing and editing an entry's roles”
“Modifying a role entry”
“Making a role inactive or active”
“Deleting a role”
When a role is created, determine whether a user can add themselves or remove themselves from
the role. See “Using roles securely” for more information about roles and access control.
5.1.2.1 Creating a managed role
Managed roles have an explicit enumerated list of members. Managed roles are added to entries
by adding the nsRoleDN attribute to the entry.
To create and add members to a managed role:
1. In the Directory Server Console, select the Directory tab.
2. Browse the tree in the left navigation pane, and select the parent entry for the new role.
3. Go to the Object menu, and select New > Role.