Administration Guide › Set Up Groups and Roles › Role-Based Configuration

Role-Based Configuration

After you have set up a group, you can add some specified attributes that restrict the searches for group members. A group used to provide restrictions in this way is called a role.

This works for both static and dynamic directory groups. You can use role-based configuration in both local and distributed directories.

For a group to hold these attributes, it needs to have the dxRoleBasedConfig auxiliary object class. dxRoleBasedConfig lets the group entry contain attributes that define the following types of restrictions:

Operational limits

You can add the following attributes to a role:

• dxTimeLimit—This attribute specifies the maximum duration for a search.
• dxSizeLimit—This attribute specifies the maximum number of entries that a search can return.

For more information about operation limits, see Limit Operations.

Search profiles

You can add the attribute dxAllowSearch to a role. This attribute specifies the name of a search profile. Search Profiles are defined by the set allow-search command.

You can also use a group to provide role-based access controls. For more information, see Access Controls.

More information:

Apply Operational Limits to a Role

Assign a Role to an Access Control Rule

set allow-search Command—Define a Search Profile