Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Any client with appropriate access privileges can discover, identify and examine any role definition. A “managed” role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is a label stored with a directory entry.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of generated attribute values, and directory server-performed membership verification for clients. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition.

Abstract: Class of Service (CoS) is a mechanism that allows a user to share attributes between directory entries in a way transparent to an application. A CoS scheme includes a CoS Definition entry and a CoS Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope”. In Classic CoS, an attribute-value pair is matched with a target entry based on the target entry's DN. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used. The Template entry contains a list of attribute values that are shared. Any change made to the template entry's attribute values is automatically applied to all entries that share the attribute.

Abstract: Role is a comprehensive grouping mechanism used in a directory server. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of a target entry, rather than select a group and browse the members list. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition. An enumerated role is one that contains a list of target entries as members. By simply searching for the membership of the enumerated role, a client application will obtain a list of all members that possess that enumerated role.

Abstract: Class of Service (CoS) allows a user to share attributes between entries in a way that is transparent to an application. This is achieved by generating the values of the attributes by a CoS logic at the time of or immediately prior to the time the entry is transmitted to an application, rather than storing the values of the attributes with the attribute itself. In alternative embodiments, the attributes may be generated at a time well before the time the entry is transmitted to an application. A CoS includes a CoS Definition entry and a Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope” based on the target entry's DN, presence or absence of the target entry's CoS attribute, the attribute value stored in the target entry's CoS Template, and other factors. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Any client with appropriate access privileges can discover, identify and examine any role definition. A “managed” role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is a label stored with a directory entry.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Any client with appropriate access privileges can discover, identify and examine any role definition. A “managed” role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is a label stored with a directory entry.

Abstract: Several types of roles are disclosed herein. The difference between the role types relates to their capabilities, which in turn derive from how they are implemented. When a client application whishes to identify all entries with some characteristic, e.g., everyone who is a manager and works in a designated building, a filtered role, which uses an LDAP filter in order to search a designated portion of the directory system and to identify those entries that possess the characteristics described in filter, is used.

Abstract: Class of Service (CoS) allows a user to share attributes between entries in a way that is transparent to an application. This is achieved by generating the values of the attributes by a CoS logic at the time of or immediately prior to the time the entry is transmitted to an application, rather than storing the values of the attributes with the attribute itself. In alternative embodiments, the attributes may be generated at a time well before the time the entry is transmitted to an application.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of generated attribute values, and directory server-performed membership verification for clients. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of computed attribute values, and server-performed membership verification for clients.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Any client with appropriate access privileges can discover, identify and examine any role definition. A “managed” role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is a label stored with a directory entry.

Abstract: Class of Service (CoS) is a mechanism that allows a user to share attributes between directory entries in a way transparent to an application. A CoS scheme includes a CoS Definition entry and a CoS Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope”. In Classic CoS, an attribute-value pair is matched with a target entry based on the target entry's DN. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used. The Template entry contains a list of attribute values that are shared. Any change made to the template entry's attribute values is automatically applied to all entries that share the attribute.

Abstract: The present disclosure is directed toward nesting of roles in a directory system. A nested role is a container of other roles. To nest, the DNs corresponding to the roles are added or encapsulated to form the nested role. A “nested” role can be configured to provide additional level of abstraction by nesting different role types—filtered, managed, enumerated or nested—whereby an entry can be a member of any one of the roles in the nesting. Nested roles allow a user to create roles that contain other roles. A nested role can be created with no members nested. Alternatively, a nested role may contain one or more members. The nesting or encapsulation is performed if (1) the target entry is within the scope of the role; and/or (2) target entry is within the scope of the role that causes the target entry to possess the nested role.

Abstract: Class of Service (CoS) is a mechanism that allows a user to share attributes between directory entries in a way transparent to an application. A CoS scheme includes a CoS Definition entry and a CoS Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope”. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used. The Template entry contains a list of attribute values that are shared. Any change made to the template entry's attribute values is automatically applied to all entries that share the attribute. In the case of pointer CoS a template entry's corresponding attribute-value pair is matched using only a Template DN. There can be only one Template DN for each pointer CoS.

Abstract: Role is a comprehensive grouping mechanism used in a directory server. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of a target entry, rather than select a group and browse the members list. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition.