[V5.1.1 and later] Dynamic and nested group support for the SunONE or iPlanet Directory Server

The SunONE or iPlanet Directory Server uses two grouping mechanisms:

Groups

Groups are entries that name other entries as a list of members or as a filter for members.

Roles

Roles are also entries that name other entries as a list of members or as a filter for members. Additional functionality is provided by generating the nsrole attribute on each role member.

Three types of roles are available:

Filtered roles

Entries are members if they match a specified LDAP filter. In this way, the role depends upon the attributes that are contained in each entry. This role is equivalent to a dynamic group.

Nested roles

Roles that contain other roles. This role is equivalent to a nested group.

Managed roles

Roles that are explicitly assigned to member entries. This role is equivalent to a static group.

Roles are defined and administered in much the same way as groups, with the additional function that each member entry carries a generated attribute indicating its active roles. For example, an application can read the roles of an entry rather than select a group and browse the members list. This function simplifies administration.
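The following added example (not code from this page or from the directory server) is a simplified in-memory model of how the three role types produce the generated nsrole value that an application reads from an entry. The entries, role DNs and the single-equality filter matcher are constructed for illustration; the nsRoleDN and nsRoleFilter names follow the directory server's role schema and do not appear on this page.

```python
import re

# Constructed sample role definitions (simplified model, not server code).
BASE = "dc=example,dc=com"
ROLES = {
    f"cn=admins,{BASE}": {"type": "managed"},
    f"cn=secstaff,{BASE}": {"type": "filtered", "filter": "(departmentNumber=sec)"},
    # A nested role lists the roles it contains.
    f"cn=privileged,{BASE}": {"type": "nested",
                              "contains": [f"cn=admins,{BASE}", f"cn=secstaff,{BASE}"]},
    # Misconfigured nested role that contains itself; must not loop forever.
    f"cn=loop,{BASE}": {"type": "nested", "contains": [f"cn=loop,{BASE}"]},
}

# Constructed sample entries; attribute names are stored in lower case.
ENTRIES = {
    f"uid=alice,{BASE}": {"departmentnumber": ["eng"], "nsroledn": [f"cn=admins,{BASE}"]},
    f"uid=bob,{BASE}": {"departmentnumber": ["sec"]},
    f"uid=carol,{BASE}": {"departmentnumber": ["hr"]},
}

def matches(filter_text, attrs):
    """Evaluate a single equality filter such as (attr=value), case-insensitively."""
    m = re.fullmatch(r"\((\w+)=([^()*]+)\)", filter_text)
    if not m:
        raise ValueError("only simple equality filters are modelled here")
    attr, value = m.group(1).lower(), m.group(2).lower()
    return value in [v.lower() for v in attrs.get(attr, [])]

def in_role(role_dn, attrs, seen=frozenset()):
    """Return True if an entry with these attributes is a member of role_dn."""
    if role_dn in seen:          # nested-role cycle: stop descending
        return False
    role = ROLES[role_dn]
    if role["type"] == "managed":    # explicit assignment on the entry
        return role_dn in attrs.get("nsroledn", [])
    if role["type"] == "filtered":   # membership decided by the entry's attributes
        return matches(role["filter"], attrs)
    # nested: member of any contained role
    return any(in_role(r, attrs, seen | {role_dn}) for r in role["contains"])

def nsrole(entry_dn):
    """Model of the generated attribute: every role the entry is active in."""
    attrs = ENTRIES[entry_dn]
    return sorted(dn for dn in ROLES if in_role(dn, attrs))

if __name__ == "__main__":
    for dn in ENTRIES:
        print(dn, "->", nsrole(dn))
```

A single read of the modelled nsrole value returns managed, filtered and nested memberships together, which is the lookup the paragraph above contrasts with browsing each group's members list.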

Refer to Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server for more information.

