Administration Guide › Set Up Groups and Roles › Role-Based Configuration

Role-Based Configuration

After you have set up a group, you can add some specified attributes that restrict the searches for group members. A group used to provide restrictions in this way is called a role.

This works for both static and dynamic directory groups. You can use role-based configuration in both local and distributed directories.

For a group to hold these attributes, it needs to have the dxRoleBasedConfig auxiliary object class. dxRoleBasedConfig lets the group entry contain attributes that define the following types of restrictions:

• Operational limits

  You can add the following attributes to a role:

  • dxTimeLimit—This attribute specifies the maximum duration for a search.
  • dxSizeLimit—This attribute specifies the maximum number of entries that a search can return.

  For more information about operation limits, see Limit Operations.

• Search profiles

  You can add the attribute dxAllowSearch to a role. This attribute specifies the name of a search profile. Search Profiles are defined by the set allow-search command.

You can also use a group to provide role-based access controls. For more information, see Access Controls.