HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

201

202

203

204

205

206

207

208

209

210

dn: cn=sales,cn=classicCoS,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: cosTemplate

postalCode: 44438

dn: cn=marketing,cn=classicCoS,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: cosTemplate

postalCode: 99111

The classic CoS definition entry applies to all entries under the dc=example,dc=com suffix.

Depending upon the combination of the businessCategory attribute found in the entry and the

cosTemplateDN, it can arrive at one of two templates. One, the sales template, provides a postal

code specific to employees in the sales department. The marketing template provides a postal code

specific to employees in the marketing department.

5.2.3.6 Searching for CoS entries

CoS definition entries are operational entries and are not returned by default with regular searches.

This means that if a CoS is defined under ou=People,dc=example,dc=com, for example, the

following ldapsearch command will not return them:

ldapsearch -s sub -b ou=People,dc=example,dc=com “(objectclass=*)”

To return the CoS definition entries, add the ldapSubEntry object class to the CoS definition

entries. For example:

dn: cn=pointerCoS,ou=People,dc=example,dc=com

objectclass: top

objectclass: cosSuperDefinition

objectclass: cosPointerDefinition

objectclass: ldapSubEntry

cosTemplateDn: cn=exampleUS,ou=data,dc=example,dc=com

cosAttribute: postalCode override

Then use a special search filter, (objectclass=ldapSubEntry), with the search. This filter

can be added to any other search filter using OR (|):

ldapsearch -s sub -b ou=People,dc=example,dc=com

"(|(objectclass=*)(objectclass=ldapSubEntry))"

This search returns all regular entries in addition to CoS definition entries in the

ou=People,dc=example,dc=com subtree.

NOTE:

The Console automatically shows CoS entries.

5.2.4 Creating role-based attributes

Classic CoS schemes generate attribute values for an entry based on the role possessed by the

entry. For example, role-based attributes can be used to set the server look-through limit on an

entry-by-entry basis.

To create a role-based attribute, use the nsRole attribute as the cosSpecifier in the CoS

definition entry of a classic CoS. Because the nsRole attribute can be multivalued, CoS schemes

can be defined that have more than one possible template entry. To resolve the ambiguity of which

template entry to use, include the cosPriority attribute in the CoS template entry.

For example, this CoS allows members of the manager role to exceed the standard mailbox quota.

The manager role entry is:

dn: cn=ManagerRole,ou=people,dc=example,dc=com

objectclass: top

objectclass: nsRoleDefinition

5.2 Assigning class of service 209