JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (
search filter icon
search icon

Document Information


Part I Directory Server Administration

1.  Directory Server Tools

2.  Directory Server Instances and Suffixes

3.  Directory Server Configuration

4.  Directory Server Entries

5.  Directory Server Security

6.  Directory Server Access Control

7.  Directory Server Password Policy

8.  Directory Server Backup and Restore

9.  Directory Server Groups, Roles, and CoS

About Groups, Roles, and Class of Service

Managing Groups

To Create a New Static Group

To Create a New Dynamic Group

Managing Roles

Using Roles Securely

Managing Roles From the Command Line

Example of a Managed Role Definition

Example of a Filtered Role Definition

Example of a Nested Role Definition

Extending the Scope of a Role

To Extend the Scope of a Role

Class of Service

Using CoS Securely

Protecting the CoS Definition Entry

Protecting the CoS Template Entries

Protecting the Target Entries of a CoS

Protecting Other Dependencies

Managing CoS From the Command Line

Creating the CoS Definition Entry From the Command Line

Creating the CoS Template Entry From the Command Line

Creating Role-Based Attributes

Monitoring the CoS Plug-In

Setting CoS Logging

Maintaining Referential Integrity

How Referential Integrity Works

To Configure the Referential Integrity Plug-In

10.  Directory Server Replication

11.  Directory Server Schema

12.  Directory Server Indexing

13.  Directory Server Attribute Value Uniqueness

14.  Directory Server Logging

15.  Directory Server Monitoring

Part II Directory Proxy Server Administration

16.  Directory Proxy Server Tools

17.  Directory Proxy Server Instances

18.  LDAP Data Views

19.  Directory Proxy Server Certificates

20.  Directory Proxy Server Load Balancing and Client Affinity

21.  Directory Proxy Server Distribution

22.  Directory Proxy Server Virtualization

23.  Virtual Data Transformations

24.  Connections Between Directory Proxy Server and Back-End LDAP Servers

25.  Connections Between Clients and Directory Proxy Server

26.  Directory Proxy Server Client Authentication

27.  Directory Proxy Server Logging

28.  Directory Proxy Server Monitoring and Alerts

Part III Directory Service Control Center Administration

29.  Directory Service Control Center Configuration


Managing Groups

Groups enable you to associate entries for ease of administration. For example, using groups makes it easier to define access control instructions (ACIs). Group definitions are special entries that either name their members in a static list or provide a filter that defines a dynamic set of entries.

The scope of possible members of a group is the entire directory, regardless of where the group definition entries are located. To simplify administration, all group definition entries are usually stored in a single location, usually ou=Groups under the root suffix.

The two types of groups are static groups and dynamic groups.

To Create a New Static Group

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

  1. Create a new static group using the ldapmodify command.

    For example, to create a new static group called System Administrators and to add some members, you could use this command:

    $ ldapmodify -a -h host1 -p 1389 -D cn=admin,cn=Administrators,cn=config -w -
    dn: cn=System Administrators, ou=Groups, dc=example,dc=com
    changetype: add
    cn: System Administrators
    objectclass: top
    objectclass: groupOfNames
    ou: Groups
    member: uid=kvaughan, ou=People, dc=example,dc=com
    member: uid=rdaugherty, ou=People, dc=example,dc=com
    member: uid=hmiller, ou=People, dc=example,dc=com
  2. Check to see that the new group has been created and that the members have been added.

    For example, to check that Kirsten Vaughan is in the new System Administrators group, type:

    $ ldapsearch -b "dc=example,dc=com" uid=kvaughan isMemberOf
    isMemberOf: cn=System Administrators, ou=Groups, dc=example,dc=com 
    isMemberOf: cn=HR Managers,ou=groups,dc=example,dc=com

To Create a New Dynamic Group

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.