Roles are an entry grouping mechanism. Roles enable you to determine role membership as soon as an entry is retrieved from the directory. Each role has members, or entries that possess the role. As with groups, you can specify role members explicitly or dynamically.
Directory Server supports the following three types of roles:
Managed roles. Explicitly assign a role to member entries.
Filtered roles. Automatically make entries members if the entries match a specified LDAP filter. In this way, the role depends on the attributes contained in each entry.
Nested roles. Enable you to create roles that contain other roles.