Red Hat Directory Server 8.0 Administrator's Guide
2.4. Creating Role-Based Attributes
Classic CoS schemes generate attribute values for an entry based on the role possessed by the
entry. For example, role-based attributes can be used to set the server look-through limit on an
entry-by-entry basis.
To create a role-based attribute, use the nsRole attribute as the cosSpecifier in the CoS
definition entry of a classic CoS. Because the nsRole attribute can be multi-valued, CoS
schemes can be defined that have more than one possible template entry. To resolve the
ambiguity of which template entry to use, include the cosPriority attribute in the CoS template
entry.
For example, this CoS allows members of the manager role to exceed the standard mailbox
quota. The manager role entry is:
dn: cn=ManagerRole,ou=people,dc=example,dc=com
objectclass: top
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: ManagerRole
nsRoleFilter: o=managers
Description: filtered role for managers
The classic CoS definition entry looks like:
dn: cn=managerCOS,dc=example,dc=com
objectclass: top
objectclass: cosSuperDefinition
objectclass: cosClassicDefinition
cosTemplateDn: cn=managerCOS,dc=example,dc=com
cosSpecifier: nsRole
cosAttribute: mailboxquota override
The cosTemplateDn attribute provides a value that, in combination with the attribute specified in
the cosSpecifier attribute (in the example, the nsRole attribute of the target entry), identifies
the CoS template entry. The CoS template entry provides the value for the mailboxquota
attribute. An additional qualifier of override tells the CoS to override any existing
mailboxquota attributes values in the target entry.
The corresponding CoS template entry looks as follows:
dn:cn="cn=ManagerRole,ou=people,dc=example,dc=com",cn=managerCOS,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: cosTemplate
mailboxquota: 1000000
The template provides the value for the mailboxquota attribute, 1000000.
Creating Role-Based Attributes
161