Access Control and CoS
137
objectclass: top
objectclass: cosSuperDefinition
objectclass: cosClassicDefinition
cosTemplateDn: cn=managerCOS,dc=example,dc=com
cosSpecifier: nsRole
cosAttribute: mailboxquota override
The
cosTemplateDn
attribute provides a value that, in combination with the attribute specified in
the
cosSpecifier
attribute (in the example, the
nsRole
attribute of the target entry), identifies the
CoS template entry. The CoS template entry provides the value for the
mailboxquota
attribute.
An additional qualifier of
override
tells the CoS to override any existing
mailboxquota
attributes
values in the target entry.
The corresponding CoS template entry looks as follows:
dn:cn="cn=ManagerRole,ou=people,dc=example,dc=com",cn=managerCOS,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: cosTemplate
mailboxquota: 1000000
The template provides the value for the
mailboxquota
attribute,
1000000
.
NOTE
The role entry and the CoS definition and template entries should be located at the same
level in the directory tree.
5.2.5. Access Control and CoS
The server controls access to attributes generated by a CoS in exactly the same way as regular stored
attributes. However, access control rules depending upon the value of attributes generated by CoS will
not work. This is the same restriction that applies to using CoS-generated attributes in search filters.
5.3. Using Views
Virtual directory tree views, or
views
, create a virtual directory hierarchy, so it is easy to navigate
entries, without having to make sure those entries physically exist in any particular place. The view
uses information about the entries to place them in the view hierarchy, similarly to members of a
filtered role or a dynamic group. Views superimpose a DIT hierarchy over a set of entries, and to client
applications, views appear as ordinary container hierarchies.
Views create a directory tree similar to the regular hierarchy, such as using organizational unit
entries for subtrees, but views entries have an additional object class (
nsview
) and a filter attribute
(
nsviewfilter
) that set up a filter for the entries which belong in that view. Once the view container
entry is added, all of the entries that match the view filter instantly populate the view. The target
entries only
appear
to exist in the view; their true location never changes. For example, a view may
be created as
ou=Location Views
, and a filter is set for
l=Mountain View
. Every entry, such
as
cn=Jane Smith,l=Mountain View,ou=People,dc=example,dc=com
, is immediately
listed under the
ou=Location Views
entry, but the real
cn=Jane Smith
entry remains in the
ou=People,dc=example,dc=com
subtree.
Summary of Contents for DIRECTORY SERVER 8.0
Page 18: ...xviii ...
Page 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Page 30: ...12 ...
Page 112: ...94 ...
Page 128: ...110 ...
Page 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Page 224: ...206 ...
Page 324: ...306 ...
Page 334: ...316 ...
Page 358: ...340 ...
Page 410: ...392 ...
Page 420: ...402 ...
Page 444: ...426 ...
Page 454: ...436 ...
Page 464: ...446 ...
Page 484: ...466 ...
Page 512: ...494 ...
Page 522: ...504 ...