Creating roles in the LDAP server

As you saw in the previous section, we have created the users entity (ou=users) under the root entity (o=packtPublisher), and have kept all users under that entity in the LDAP server. Similarly, to store authorization information, we will create a new entity directly under the root entity in Apache DS, with the following steps:

  1. Right-click on the partition o=packtPublisher and select New | New Entry from the LDAP Browser window.
  2. Choose the option Create entry from scratch and click on the Next button.
  3. We are going to add an entity type organization unit, so choose the organizationalUnit object class and click on the Next button.
  4. We will use ou (organizational unit) as the RDN and roles as its value. The DN is automatically calculated when we give the value of the RDN. You can use more than one attribute (or the same attribute multiple times, with different values) for the RDN. The DN will then be calculated by appending each of them with a comma.
  5. Click on the Next button, followed by the Finish button, and the entry ou=roles will be added under o=packtPublisher. The updated structure will be visible in the LDAP Browser window.

Next, we will add the actual role entries under the ou=roles entry. The steps are as follows:

  1. Right-click on the roles entity (ou=roles) and select New | New Entry.
  2. Choose the option Create entry from scratch and click on Next.
  3. To add a role, choose groupOfNames as the object class that represents a role. Click on the Next button.
  4. We are going to add a role, so we will use the attribute cn (common name) as the RDN. Just give the value as ADMIN. At this moment, the DN is calculated as cn=ADMIN, ou=roles, o=packtPublisher. Click on the Next button.
  5. Since this entity has groupOfNames as the object class, the system will ask for the member assignment in the next window. 
  6. Click on the Browse button and choose the user, under the o=packtPublisher entry, to whom you want to assign this role. Click on the OK button.
  7. The following are the steps for assigning multiple members in the given role:
    1. Select any of the role entries from the LDAP Browser window. Right-click in the middle section (where the details of the selected role are visible in a tabular format) and choose New Attribute.
    2. Give the value of Attribute type as member, click on Next, and click on the Finish button; you will see the same window for selecting the user to assign to this role.

Execute these steps and create the following two roles under the roles entry:

  • ADMIN
  • USER

The role structure has been created in Apache DS. We will now import these details to perform authorization.
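The same subtree expressed as LDIF, together with the lookup that an application performs at authorization time (find every groupOfNames under ou=roles whose member attribute equals the user's DN), as an added Python example that is not part of the book. The user DNs (uid=alice, uid=bob under ou=users) are constructed sample values; the page does not show which attribute is used as the user RDN.

```python
# Added example, not from the book. Models the ou=roles subtree as LDIF and
# resolves a user's roles by matching the member attribute, which is what an
# LDAP group search such as (member=<user DN>) does on the server side.
ROOT = "o=packtPublisher"

# Constructed LDIF: the two groupOfNames roles created in the steps above.
# User RDNs are assumed to be uid (an assumption, not stated on the page).
ROLES_LDIF = f"""dn: ou=roles,{ROOT}
objectClass: organizationalUnit
ou: roles

dn: cn=ADMIN,ou=roles,{ROOT}
objectClass: groupOfNames
cn: ADMIN
member: uid=alice,ou=users,{ROOT}

dn: cn=USER,ou=roles,{ROOT}
objectClass: groupOfNames
cn: USER
member: uid=alice,ou=users,{ROOT}
member: uid=bob,ou=users,{ROOT}
"""

def parse_ldif(text):
    """Parse minimal LDIF (no continuation lines, no base64) into (dn, attrs) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        entries.append((dn, attrs))
    return entries

def normalize_dn(dn):
    """DNs compare case-insensitively and ignore whitespace around the commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def roles_for(user_dn, entries, roles_base=f"ou=roles,{ROOT}"):
    """Return the cn values of every role under roles_base that lists user_dn as a member."""
    target, base = normalize_dn(user_dn), normalize_dn(roles_base)
    found = []
    for dn, attrs in entries:
        if "groupOfNames" not in attrs.get("objectClass", []):
            continue  # ou=roles itself and anything else that is not a role
        if not normalize_dn(dn).endswith("," + base):
            continue  # outside the roles subtree
        if any(normalize_dn(m) == target for m in attrs.get("member", [])):
            found.extend(attrs.get("cn", []))
    return sorted(found)
```

The normalization step matters in practice: a user authenticated as `uid=bob, ou=users, O=packtPublisher` must still resolve to the same roles, and a lookup that compares DNs byte-for-byte would silently grant none.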
