Chapter 5. Managing Entries with Roles, Classes of Service, and Views
136
It is fairly common for there to be multiple templates completing to provide a value. For example, there
can be a multi-valued
cosSpecifier
attribute in the CoS definition entry. The template priority is set
using the
cosPriority
attribute. This attribute represents the global priority of a particular template.
A priority of zero is the highest priority.
For example, a CoS template entry for generating a department number appears as follows:
dn: cn=data,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: cosTemplate
departmentNumber: 71776
cosPriority: 0
This template entry contains the value for the
departmentNumber
attribute. It has a priority of zero,
meaning this template takes precedence over any other conflicting templates that define a different
departmentNumber
value.
Templates that contain no
cosPriority
attribute are considered the lowest priority. Where two or
more templates are considered to supply an attribute value and they have the same (or no) priority, a
value is chosen arbitrarily.
NOTE
The behavior for negative
cosPriority
values is not defined in Directory Server; do not
enter negative values.
5.2.4. Creating Role-Based Attributes
Classic CoS schemes generate attribute values for an entry based on the role possessed by the entry.
For example, role-based attributes can be used to set the server look-through limit on an entry-by-
entry basis.
To create a role-based attribute, use the
nsRole
attribute as the
cosSpecifier
in the CoS definition
entry of a classic CoS. Because the
nsRole
attribute can be multi-valued, CoS schemes can be
defined that have more than one possible template entry. To resolve the ambiguity of which template
entry to use, include the
cosPriority
attribute in the CoS template entry.
For example, this CoS allows members of the manager role to exceed the standard mailbox quota.
The manager role entry is:
dn: cn=ManagerRole,ou=people,dc=example,dc=com
objectclass: top
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: ManagerRole
nsRoleFilter: o=managers
Description: filtered role for managers
The classic CoS definition entry looks like:
dn: cn=managerCOS,dc=example,dc=com
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...