
OpenDJ membership attribute for organizationalRole?


I'm planning to use OpenDJ as a backend LDAP server to store RBAC. And I'm going to use objectclass=organizationalRole to store Roles (I'm choosing groupOfNames to store Organizational Groups, unnecessarily related with Roles).

As I can see, there's an equivalent virtual attribute, isMemberOf, with which I can easily find out which Organizational Group a person belongs to.

I'm wondering if there's a similar membership attribute for organizationalRole so I can quickly find out which Roles a person belongs to?

Or any other better solution to do RBAC and Organizational Group in OpenDJ?

Thanks


Solution

  • The isMemberOf virtual attribute plugin leverages the OpenDJ group manager, which currently supports the following static groups: groupOfNames, groupOfUniqueNames and groupOfEntries, and the dynamic groups: groupOfURLs. It does so regardless of their places in the Directory Information Tree. If you need to support another type of group (like organizationalRole), some code will be required.
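
An added example, not part of the original answer or of OpenDJ: since isMemberOf does not cover organizationalRole, a client can find a person's roles with a reverse search on roleOccupant, the standard member attribute of that object class. The sketch below builds that filter with RFC 4515 escaping and shows the split between plugin-covered groups and roles on constructed entries. The DNs, the sample data and the simplified DN comparison are assumptions.

```python
# Object class -> attribute holding member DNs (static groups and roles only).
MEMBER_ATTR = {
    "groupofnames": "member",
    "groupofuniquenames": "uniqueMember",
    "groupofentries": "member",
    "organizationalrole": "roleOccupant",
}
# Static group classes the answer lists as handled by isMemberOf.
ISMEMBEROF_STATIC = {"groupofnames", "groupofuniquenames", "groupofentries"}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def role_filter(user_dn):
    """Filter for the reverse search that isMemberOf does not do for roles."""
    return "(&(objectClass=organizationalRole)(roleOccupant=%s))" % escape_filter_value(user_dn)

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def memberships(entries, user_dn):
    """Return (DNs isMemberOf would report, role DNs that need the reverse search)."""
    target, via_plugin, roles = norm_dn(user_dn), [], []
    for e in entries:
        oc = e["objectClass"].lower()
        members = [norm_dn(m) for m in e.get(MEMBER_ATTR[oc], [])]
        if target in members:
            (via_plugin if oc in ISMEMBEROF_STATIC else roles).append(e["dn"])
    return via_plugin, roles

# Constructed sample entries, not taken from a real directory.
SAMPLE = [
    {"dn": "cn=Engineering,ou=Groups,dc=example,dc=com", "objectClass": "groupOfNames",
     "member": ["uid=alice,ou=People,dc=example,dc=com"]},
    {"dn": "cn=Auditor,ou=Roles,dc=example,dc=com", "objectClass": "organizationalRole",
     "roleOccupant": ["uid=Alice, ou=People, dc=example, dc=com"]},
    {"dn": "cn=Operator,ou=Roles,dc=example,dc=com", "objectClass": "organizationalRole",
     "roleOccupant": ["uid=bob,ou=People,dc=example,dc=com"]},
]

if __name__ == "__main__":
    user = "uid=alice,ou=People,dc=example,dc=com"
    print(role_filter(user))
    print(memberships(SAMPLE, user))
```

Against a live server the string from `role_filter` is what goes into the search request; an equality index on roleOccupant keeps that lookup from scanning every role entry.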