Dynamic and nested group support for the SunONE or iPlanet Directory Server
The SunONE or iPlanet Directory Server uses two grouping mechanisms:
- Groups
- Groups are entries that name other entries as a list of members or as a filter for members.
- Roles
- Roles are also entries that name other entries as a list of members or as a filter for members. Additional functionality is provided by generating the nsrole attribute on each role member.
Three types of roles are available:
- Filtered roles
- Entries are members if they match a specified Lightweight Directory Access Protocol (LDAP) filter. In this way, the role depends upon the attributes that are contained in each entry. This role is equivalent to a dynamic group.
- Nested roles
- Creates roles that contain other roles. This role is equivalent to a nested group.
- Managed roles
- Explicitly assigns a role to member entries. This role is equivalent to a static group.
Refer to Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server for more information.
See Also
Dynamic groups and nested group support for the IBM Tivoli Directory Server
Locating a user's group memberships in Lightweight Directory Access Protocol
Lightweight Directory Access Protocol
Related Tasks
Configuring dynamic and nested group support for the SunONE or iPlanet Directory Server
Configuring dynamic and nested group support for the IBM Tivoli Directory Server
Using specific directory servers as the LDAP server
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.