Red Hat Directory Server 8.0 Administrator's Guide

Managing Entries with Roles, Class of Service, and Views
Entries contained within the directory can be grouped in different ways to simplify the
management of user accounts. Red Hat Directory Server supports a variety of methods for
grouping entries and sharing attributes between entries. To take full advantage of the features
offered by roles and class of service, determine the directory topology when planning the
directory deployment.
1. Using Roles
Roles are a new entry grouping mechanism that unifies the static and dynamic groups described
in the previous sections. Roles are designed to be more efficient and easier to use for
applications. For example, an application can get the list of roles of which an entry is a member
by querying the entry itself, rather than selecting a group and browsing the members list of
several groups.
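The following is an added example, not taken from the guide or from Directory Server itself: a small Python model of reading an entry's roles from the entry, with one role assigned explicitly through nsRoleDN (static-style) and one defined by an nsRoleFilter (dynamic-style). The DNs, the sample entries, the single-equality filter matching and the scope check are simplifying assumptions.

```python
# Toy in-memory model of role evaluation; not the server's implementation.
# nsRoleDN, nsRoleFilter and nsRole are Directory Server attribute names;
# every DN and entry below is constructed sample data.
SUFFIX = "dc=example,dc=com"
ADMIN = f"cn=Admins,ou=People,{SUFFIX}"      # assigned explicitly (static-style)
SALES = f"cn=SalesRole,ou=People,{SUFFIX}"   # defined by a filter (dynamic-style)

ENTRIES = {
    f"uid=alice,ou=People,{SUFFIX}": {"ou": ["Sales"], "nsRoleDN": [ADMIN]},
    f"uid=bob,ou=People,{SUFFIX}": {"ou": ["Sales"]},
    f"uid=carol,ou=People,{SUFFIX}": {"ou": ["Engineering"], "nsRoleDN": [ADMIN]},
    f"uid=dave,ou=Contractors,{SUFFIX}": {"ou": ["Sales"]},  # outside role scope
}
# Role DN -> nsRoleFilter; only a single (attr=value) term is modelled here.
FILTERED_ROLES = {SALES: "(ou=Sales)"}

def parent(dn):
    return dn.split(",", 1)[1]

def in_scope(entry_dn, role_dn):
    """Assumption of this model: a role covers entries below its parent."""
    return entry_dn.lower().endswith("," + parent(role_dn).lower())

def matches(attrs, flt):
    attr, value = flt.strip("()").split("=", 1)
    return value.lower() in (v.lower() for v in attrs.get(attr, []))

def ns_role(entry_dn):
    """Roles of one entry: explicit nsRoleDN values plus filter matches."""
    attrs = ENTRIES[entry_dn]
    roles = {r for r in attrs.get("nsRoleDN", []) if in_scope(entry_dn, r)}
    roles |= {r for r, f in FILTERED_ROLES.items()
              if in_scope(entry_dn, r) and matches(attrs, f)}
    return sorted(roles)

def has_role(entry_dn, role_dn):
    return role_dn in ns_role(entry_dn)

def role_members(role_dn):
    """Model of a search with the filter (nsRole=<role_dn>)."""
    return sorted(dn for dn in ENTRIES if has_role(dn, role_dn))
```

The application asks one question of one entry (`ns_role`) and gets both kinds of membership back, instead of walking each group's member list.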
This section contains the following topics:
Section 1.1, “About Roles”
Section 1.2, “Managing Roles Using the Console”
Section 1.3, “Managing Roles Using the Command-Line”
Section 1.4, “Using Roles Securely”
1.1. About Roles
Roles unify the static and dynamic group concept supported by previous versions of Directory
Server.
Roles can be used to organize users in a number of different ways:
To enumerate the members of a role.
Having an enumerated list of role members can be useful for resolving queries for role
members quickly.
To determine whether a given entry possesses a particular role.
Knowing the roles possessed by an entry can help determine whether the entry possesses
the target role.
To enumerate all the roles possessed by a given entry.
Chapter 5.