1. Manuals
  2. Brands
  3. Sun Microsystems Manuals
  4. Server
  5. Sun Java SystemDirectory Server
  6. Migration giude

Removal Of The O=Netscaperoot Suffix; Changes To Acis; Changes In The Aci Scope; Changes In Suffix-Level Acis - Sun Microsystems Sun Java SystemDirectory Server Migration Giude

Hide thumbs
Table of Contents

Advertisement

Changes to ACIs

Removal of the o=netscapeRoot Suffix

In previous versions of Directory Server, centralized administration information was kept in
o=netscapeRoot. In the new administration model, the concept of a configuration directory
server no longer exists. The o=netscapeRoot suffix is no longer required, and the netscapeRoot
database files are therefore not migrated. The configuration data for this suffix can be migrated,
if it is specifically required.
Changes to ACIs
The following changes have been made to ACIs in Directory Server 6.0.

Changes in the ACI Scope

In Directory Server 5.2 ACIs on the root DSE had base scope. In Directory Server 6.0, ACIs on
the root DSE have global scope by default, equivalent to targetscope="subtree".
To reproduce the same behavior as Directory Server 5.2, add targetscope="base" to ACIs on
the root DSE. If you use dsmig to migrate the configuration, this is done automatically.

Changes in Suffix-Level ACIs

In Directory Server 5.2, the following ACI was provided, at the suffix level:
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit ||
nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry ||
passwordExpirationTime || passwordExpWarned || passwordRetryCount ||
retryCountResetTime || acc ountUnlockTime || passwordHistory ||
passwordAllowChangeTime")(version 3.0; acl "Allow self entry modification
except for nsroledn, aci, resource limit attributes, passwordPolicySubentry
and password policy state attributes"; allow (write)userdn ="ldap:///self";)
This ACI allowed self-modification of user passwords, among other things. This ACI is no
longer provided in Directory Server 6.0. Instead, the following global ACIs are provided by
default:
aci: (targetattr != "aci") (targetscope = "base") (version 3.0;
aci "Enable read access to rootdse for anonymous users";
allow(read,search,compare) user dn="ldap:///anyone"; )
aci: (targetattr = "*") (version 3.0; acl "Enable full access
for Administrators group"; allow (all)(groupdn =
"ldap:///cn=Administrators,cn=config"); )
70
Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007
Sun Confidential: Registered

Advertisement

Table of Contents
loading

Related Manuals for Sun Microsystems Sun Java SystemDirectory Server

Related Content for Sun Microsystems Sun Java SystemDirectory Server

This manual is also suitable for:

Sun java system directory server enterprise edition 6.0

Table of Contents