Dynamic and nested group support for the SunONE or iPlanet Directory Server

Dynamic and nested group support for the SunONE or iPlanet Directory Server

The SunONE or iPlanet Directory Server uses two grouping mechanisms:

Groups

Groups are entries that name other entries as a list of members or as a filter for members.

Roles

Roles are also entries that name other entries as a list of members or as a filter for members. Additional functionality is provided by generating the nsrole attribute on each role member.

Three types of roles are available:

Filtered roles

Entries are members if they match a specified Lightweight Directory Access Protocol (LDAP) filter. In this way, the role depends upon the attributes that are contained in each entry. This role is equivalent to a dynamic group.

Nested roles

Creates roles that contain other roles. This role is equivalent to a nested group.

Managed roles

Explicitly assigns a role to member entries. This role is equivalent to a static group.

Refer to Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server for more information.

See Also

Dynamic groups and nested group support for the IBM Tivoli Directory Server
Locating a user's group memberships in Lightweight Directory Access Protocol
Lightweight Directory Access Protocol

Related Tasks

Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server
Configuring dynamic and nested group support for the IBM Tivoli Directory Server
Using specific directory servers as the LDAP server

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.