Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
9. Directory Server Groups, Roles, and CoS
Groups, roles, and CoS are defined as follows:
Groups are entries that name other entries, either as a list of members or as a filter for members. For groups that consist of a list of members, Directory Server generates values for the isMemberOf attribute on each user entry. The isMemberOf attribute on a user entry thus shows all the groups to which that entry belongs.
Roles provide the same functionality as groups, and more, through a mechanism that generates the nsRole attribute on each member of a role.
CoS generates a computed attribute, which allows entries to share a common attribute value without having to store the attribute in each entry.
You cannot use the isMemberOf attribute to make all the members of static groups automatically inherit from a common computed attribute value.
Directory Server provides the ability to perform searches that are based on the values of roles, groups, and CoS computed attributes. Filter strings used in any operation can include the nsRole attribute or any attribute generated by a CoS definition. Filter strings can also be used to perform any of the comparison operations on the value of this attribute. However, computed CoS attributes cannot be indexed. Therefore, any search that involves a CoS-generated attribute might consume a large amount of resources in terms of time and memory.
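Because CoS-generated attributes cannot be indexed, it helps to know which search filters reference them before those filters reach production. The following is an added example, not part of the Oracle guide: a Python check that extracts the attribute names from LDAP filter strings and reports the filters that touch a CoS-generated attribute. The attribute list, the sample filters, and all function names are assumptions constructed for illustration; in a real deployment the list would come from the cosAttribute values of your CoS definitions.

```python
import re

# Assumption: attributes generated by CoS definitions in this deployment
# (constructed for the example; take the real list from your CoS definitions).
COS_GENERATED = {"postalCode", "facsimileTelephoneNumber"}

# Constructed sample filters, such as an application or access review might supply.
SAMPLE_FILTERS = [
    "(&(objectClass=person)(postalCode=95054))",
    "(|(uid=bjensen)(mail=b*))",
    "(&(nsRole=cn=Sales,dc=example,dc=com)(!(facsimileTelephoneNumber;lang-en=*)))",
    "(POSTALCODE>=90000)",
]

# Matches the attribute name that opens each simple filter item, for example
# "(mail=", "(postalCode>=" or "(cn:dn:=". Items that open with &, | or ! do
# not start with a letter and are skipped. Attribute options (";lang-en") are
# consumed but not captured. Attributes written as numeric OIDs are not matched.
_ITEM = re.compile(
    r"\(\s*([A-Za-z][A-Za-z0-9.-]*)(?:;[A-Za-z0-9-]+)*\s*(?:=|>=|<=|~=|:)"
)

def filter_attributes(ldap_filter):
    """Return the lower-cased attribute names referenced by a filter string."""
    return {m.group(1).lower() for m in _ITEM.finditer(ldap_filter)}

def cos_attributes_in_filter(ldap_filter, cos_generated=COS_GENERATED):
    """Return the CoS-generated attributes a filter references, sorted."""
    cos = {name.lower() for name in cos_generated}  # names are case-insensitive
    return sorted(filter_attributes(ldap_filter) & cos)

def audit(filters, cos_generated=COS_GENERATED):
    """Map each filter that uses a CoS-generated attribute to those attributes."""
    report = {}
    for ldap_filter in filters:
        hits = cos_attributes_in_filter(ldap_filter, cos_generated)
        if hits:
            report[ldap_filter] = hits
    return report

if __name__ == "__main__":
    for ldap_filter, hits in audit(SAMPLE_FILTERS).items():
        print("unindexed CoS attribute(s) %s in filter %s" % (hits, ldap_filter))
```

The extraction relies on filter values being escaped as the LDAP filter syntax requires, so a literal parenthesis inside a value appears as \28 or \29 and is not mistaken for a new filter item.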
To take full advantage of the features offered by roles, groups, and class of service, determine your grouping strategy in the planning phase of your directory deployment. Refer to Chapter 11, Directory Server Groups and Roles, in Oracle Directory Server Enterprise Edition Reference for a description of these features and how they can simplify your topology.
To gain a deeper understanding of how roles and groups work, see Chapter 11, Directory Server Groups and Roles, in Oracle Directory Server Enterprise Edition Reference. For a detailed description of CoS, see Chapter 12, Directory Server Class of Service, in Oracle Directory Server Enterprise Edition Reference.