Manualshelf

Red Hat Directory Server 8.0 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Red Hat Directory Server Software
161162163164165166167168169170
Section 2.1, “About CoS”
Section 2.2, “Managing CoS Using the Console”
Section 2.3, “Managing CoS from the Command-Line”
Section 2.4, “Creating Role-Based Attributes”
Section 2.5, “Access Control and CoS”
2.1. About CoS
Clients of the Directory Server read the attributes on a user's entry. With CoS, some attribute
values may not be stored with the entry itself. Instead, they are generated by class of service
logic as the entry is sent to the client application.
Each CoS is comprised of the following two types of entry in the directory:
CoS Definition Entry. The CoS definition entry identifies the type of CoS used. Like the role
definition entry, it inherits from the LDAPsubentry object class. The CoS definition entry is
below the branch at which it is effective.
Template Entry. The CoS template entry contains a list of the shared attribute values.
Changes to the template entry attribute values are automatically applied to all the entries
within the scope of the CoS. A single CoS might have more than one template entry
associated with it.
The CoS definition entry and template entry interact to provide attribute information to their
target entries, any entry within the scope of the CoS.
2.1.1. About the CoS Definition Entry
The CoS definition entry is an instance of the cosSuperDefinition object class. The CoS
definition entry also contains an object class that specifies the type of template entry it uses to
generate the entry. There are three different object classes which can be specified, depending
upon the type of CoS. The target entries share the same parent as the CoS definition entry.
There are three types of CoS, defined using three types of CoS definition entries:
Pointer CoS. A pointer CoS identifies the template entry using the template DN only.
Indirect CoS. An indirect CoS identifies the template entry using the value of one of the target
entry's attributes. For example, an indirect CoS might specify the manager attribute of a target
entry. The value of the manager attribute is then used to identify the template entry.
The target entry's attribute must be single-valued and contain a DN.
Chapter 5. Managing Entries with Roles, Class of Service, and Views
144