Red Hat Directory Server 8.0 Administrator's Guide
1.2.2. Creating a Filtered Role
Entries are assigned to a filtered role depending upon a particular attribute contained by each
entry. The role definition specifies an LDAP filter for the target attributes. Entries that match the
filter possess (are members of) the role.
To create and add members to a filtered role, do the following:
1. Follow the steps of Section 1.2.1, “Creating a Managed Role”.
2. Click Members in the left pane.
A search dialog box appears briefly.
3. In the right pane, select Filtered Role.
4. Enter an LDAP filter in the text field, or click Construct to be guided through the construction
of an LDAP filter.
5. The Construct button opens the standard LDAP URL construction dialog. Ignore the fields for
LDAP Server Host, Port, Base DN, and Search (since the search scope cannot be set for
filtered role definitions).
• Select the types of entries to filter from the For drop-down list.
The entries can be users, groups, or both.
• Select an attribute from the Where drop-down list. The two fields following it refine the
search by selecting one of the qualifiers from the drop-down list, such as contains, does
not contain, is, or is not. Enter an attribute value in the text box. To add additional
filters, click More. To remove unnecessary filters, click Fewer.
• Click OK.
6. Click Test to try the filter.
A Filter Test Result dialog box displays the entries matching the filter.
7. Click OK.
The new role appears in the right pane.
NOTE
The nsRoleDN attribute is an operational attribute and must be explicitly
requested in the search command in the list of search attributes. For example:
ldapsearch ... args ... "(uid=scarter)" \* nsRole nsRoleDN
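For reference, a filtered role of the kind created in the procedure above can be written as an LDIF entry. This is an added example, not taken from this page of the guide; the suffix dc=example,dc=com, the role name SalesManagerFilter, and the filter value are assumptions chosen for illustration.

```ldif
# Constructed example: a filtered role definition entry.
# The role applies to entries in the subtree below the role's parent
# (ou=People here), which is why no search scope is set in the role itself.
dn: cn=SalesManagerFilter,ou=People,dc=example,dc=com
objectClass: top
objectClass: LDAPsubentry
objectClass: nsRoleDefinition
objectClass: nsComplexRoleDefinition
objectClass: nsFilteredRoleDefinition
cn: SalesManagerFilter
# The LDAP filter from step 4: every entry that matches it possesses the role.
nsRoleFilter: (o=sales managers)
description: Filtered role for sales managers

# Constructed user entry: its "o" value matches the filter, so a search that
# explicitly requests nsRole returns the role DN above for this entry.
dn: uid=scarter,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: scarter
cn: Sam Carter
sn: Carter
o: sales managers
```

Because membership follows the attribute value, write access to the attribute named in the filter (o in this example) determines who can obtain the role; restrict that attribute with access control if the role carries privileges.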
Managing Roles Using the Console