Manualshelf

HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
181182183184185186187188189190
changetype: modify
add: nsRoleDN
nsRoleDN: cn=Marketing,ou=people,dc=example,dc=com
The nsRoleDN attribute in the entry indicates that the entry is a member of a managed role,
cn=Marketing,ou=people,dc=example,dc=com.
5.1.3.2 Example: filtered role definition
This example creates a filtered role that is applied to all sales managers
1. Run ldapmodify:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
2. Create the filtered role entry.
The role entry has the nsFilteredRoleDefinition object class, which inherits from the
LdapSubEntry, nsRoleDefinition, and nsComplexRoleDefinition object classes.
The nsRoleFilter attribute sets a filter for o (organization) attributes that contain a value
of sales managers.
dn: cn=SalesManagerFilter,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: SalesManagerFilter
nsRoleFilter: o=sales managers
Description: filtered role for sales managers
The following entry matches the filter (possesses the o attribute with the value sales managers),
and, therefore, it is a member of this filtered role automatically:
dn: cn=Pat Smith,ou=people,dc=example,dc=com
objectclass: person
cn: Pat
sn: Smith
userPassword: secret
o: sales managers
5.1.3.3 Example: nested role definition
This example creates a single role out of the managed marketing role and filtered sales manager
role.
1. Run ldapmodify:
ldapmodify -D "cn=Directory Manager" -w secret -h host -p 389
2. Create the nested role entry. The nested role has the four object classes:
nsNestedRoleDefinition
LDAPsubentry (inherited)
nsRoleDefinition (inherited)
nsComplexRoleDefinition (inherited)
The nsRoleDN attributes contain the DNs for both the marketing managed role and the
sales managers filtered role.
dn: cn=MarketingSales,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsNestedRoleDefinition
cn: MarketingSales
186 Organizing entries with roles, class of service, and views