Create a Dynamic Role

For each dynamic role, you need to create an entry in the roles subtree using one of these auxiliary object classes:

All role entries must be stored in the same subtree.

To create a dynamic role

  1. In a dynamic group entry, add a value to the dxMemberURL attribute that contains a search filter in LDAP URL form:
    ldap:///base-dn??scope?filter
    
  2. Save the change to the entry.

    The role is applied to members when they next log in to the directory.

Example: A Dynamic Role Entry

This example shows a dynamic group entry that is used as a role.

The entry is shown in LDIF format:

dn: cn=Manager,ou=Groups,o=Democorp,c=AU
objectClass: groupOfNames
objectClass: dxDynamicGroupOfNames
objectClass: top
cn: Manager
dxMemberURL:: bGRhcDovLy9vPURlbW9jb3JwLGM9QVU/P3N1Yj8ocG9zaXRpb249bWFuYWdlcik=

The value of the dxMemberURL attribute is Base64-encoded (indicated by the double colon, ::), because of the attribute's syntax. The unencoded value is as follows:

ldap:///o=Democorp,c=AU??sub?(position=manager)

In this URL, the search's base object and scope are ignored.
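
The following added example (not part of the CA documentation or product code) decodes the dxMemberURL value of a role entry, splits it into the LDAP URL fields, and reports the filter that decides role membership so it can be reviewed. The function names, the MATCH_ALL set, and the sample LDIF built from the unencoded value shown above are assumptions made for illustration.

```python
import base64
from urllib.parse import unquote

# Constructed sample: the page's example entry; dxMemberURL is encoded here
# from the unencoded value the page gives.
PAGE_URL = "ldap:///o=Democorp,c=AU??sub?(position=manager)"
SAMPLE_LDIF = (
    "dn: cn=Manager,ou=Groups,o=Democorp,c=AU\n"
    "objectClass: groupOfNames\n"
    "objectClass: dxDynamicGroupOfNames\n"
    "objectClass: top\n"
    "cn: Manager\n"
    "dxMemberURL:: " + base64.b64encode(PAGE_URL.encode()).decode() + "\n"
)
# Assumption: an empty or presence-only filter is treated as "everyone".
MATCH_ALL = {"", "(objectclass=*)"}

def parse_member_url(url):
    """Split ldap:///base-dn??scope?filter into its four fields."""
    if not url.lower().startswith("ldap:///"):
        raise ValueError("not in ldap:/// form")
    parts = url[len("ldap:///"):].split("?", 3)
    if len(parts) != 4:
        raise ValueError("expected base-dn??scope?filter")
    return dict(zip(("base_dn", "attrs", "scope", "filter"), map(unquote, parts)))

def audit(ldif):
    """Return one (filter, finding) pair per dxMemberURL value in the entry."""
    results = []
    for line in ldif.replace("\n ", "").splitlines():  # unfold wrapped lines
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "dxmemberurl":
            continue
        try:
            if value.startswith(":"):  # "::" marks a Base64 value in LDIF
                value = base64.b64decode(value[1:].strip(), validate=True).decode()
            flt = parse_member_url(value.strip())["filter"]
        except ValueError as exc:  # bad Base64, bad UTF-8 or bad URL form
            results.append((None, "malformed: %s" % exc))
            continue
        broad = flt.replace(" ", "").lower() in MATCH_ALL
        results.append((flt, "matches every entry" if broad else "ok"))
    return results

if __name__ == "__main__":
    for flt, finding in audit(SAMPLE_LDIF):
        print(flt, "->", finding)
```

Because the base object and scope are ignored, the filter is the only field the audit evaluates; the other fields are parsed only to confirm the URL is well formed.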


Copyright © 2009 CA. All rights reserved.