Red Hat Directory Server 8.0 Administrator's Guide

A dialog box appears to confirm the deletion. Click Yes.
NOTE
Deleting a role deletes the role entry but does not delete the nsRoleDN attribute
for each role member. To delete the nsRoleDN attribute for each role member,
enable the Referential Integrity plug-in, and configure it to manage the nsRoleDN
attribute. For more information on the Referential Integrity plug-in, see Section 5,
“Maintaining Referential Integrity”.
1.3. Managing Roles Using the Command-Line
Roles inherit from the ldapsubentry object class, which is defined in the ITU X.509 standard. In
addition, each type of role has two specific object classes that inherit from the
nsRoleDefinition object class. Once a role is created, members are assigned to it as follows:
- Members of a managed role have the nsRoleDN attribute in their entry.
- Members of a filtered role are entries that match the filter specified in the nsRoleFilter attribute.
- Members of a nested role are members of the roles specified in the nsRoleDN attributes of the nested role definition entry.
Table 5.1, “Object Classes and Attributes for Roles” lists the object classes and attributes
associated with each type of role.
| Role Type | Object Classes | Attributes |
|---|---|---|
| Managed Role | nsSimpleRoleDefinition, nsManagedRoleDefinition | description (optional) |
| Filtered Role | nsComplexRoleDefinition, nsFilteredRoleDefinition | nsRoleFilter, description (optional) |
| Nested Role | nsComplexRoleDefinition, nsNestedRoleDefinition | nsRoleDN, description (optional) |

Table 5.1. Object Classes and Attributes for Roles
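The NOTE above says that deleting a role leaves nsRoleDN values behind, and both managed-role members and nested role definitions carry nsRoleDN. The following Python code is an added example, not taken from the guide: it scans an LDIF export for nsRoleDN values whose target role entry no longer exists. It assumes the export contains the role entries (with an explicit nsRoleDefinition object class) and the nsRoleDN values; the sample DNs are constructed and the function names are illustrative.

```python
import re
# Constructed sample export, trimmed to the attributes that matter here.
SAMPLE_LDIF = """\
dn: cn=Marketing,ou=People,dc=example,dc=com
objectClass: nsRoleDefinition
objectClass: nsManagedRoleDefinition

dn: cn=AllStaff,ou=People,dc=example,dc=com
objectClass: nsRoleDefinition
objectClass: nsNestedRoleDefinition
nsRoleDN: cn=Marketing,ou=People,dc=example,dc=com
nsRoleDN: cn=Sales,ou=People,dc=example,dc=com

dn: uid=alice,ou=People,dc=example,dc=com
nsRoleDN: CN=Marketing, OU=People,
  DC=example,DC=com

dn: uid=bob,ou=People,dc=example,dc=com
nsRoleDN: cn=Sales,ou=People,dc=example,dc=com
"""

def norm_dn(dn):  # compare DNs case-insensitively, ignoring spaces around commas
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}; base64 values are not decoded."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def dangling_role_refs(entries):
    """List (holder dn, nsRoleDN target) pairs whose target role is absent."""
    roles = {dn for dn, a in entries.items()
             if "nsroledefinition" in map(str.lower, a.get("objectclass", []))}
    return sorted((dn, norm_dn(ref))
                  for dn, a in entries.items()
                  for ref in a.get("nsroledn", [])
                  if norm_dn(ref) not in roles)

if __name__ == "__main__":
    print(*dangling_role_refs(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

Each pair it reports is a leftover reference: an entry, or a nested role definition, that still names a role DN with no role entry behind it.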
The attributes nsRole and nsRoleDN are operational attributes. This means that they are not
present in the schema of the entry and may be added to any entry, regardless of schema. This