Red Hat Directory Server 8.0 Administrator's Guide
NOTE
The role entry and the CoS definition and template entries should be located at
the same level in the directory tree.
2.5. Access Control and CoS
The server controls access to attributes generated by a CoS in exactly the same way as regular
stored attributes. However, access control rules depending upon the value of attributes
generated by CoS will not work. This is the same restriction that applies to using CoS-generated
attributes in search filters.
3. Using Views
Virtual directory tree views, or views, create a virtual directory hierarchy, so it is easy to navigate
entries, without having to make sure those entries physically exist in any particular place. The
view uses information about the entries to place them in the view hierarchy, similarly to
members of a filtered role or a dynamic group. Views superimpose a DIT hierarchy over a set of
entries, and to client applications, views appear as ordinary container hierarchies.
Views create a directory tree similar to the regular hierarchy, such as using organizational unit
entries for subtrees, but views entries have an additional object class (nsview) and a filter
attribute (nsviewfilter) that set up a filter for the entries which belong in that view. Once the
view container entry is added, all of the entries that match the view filter instantly populate the
view. The target entries only appear to exist in the view; their true location never changes. For
example, a view may be created as ou=Location Views, and a filter is set for l=Mountain
View. Every entry, such as cn=Jane Smith,l=Mountain
View,ou=People,dc=example,dc=com, is immediately listed under the ou=Location Views
entry, but the real cn=Jane Smith entry remains in the ou=People,dc=example,dc=com
subtree.
Chapter 5. Managing Entries with Roles, Class of Service, and Views
162