Designing Access Control - Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT Deployment Manual


• Account lockout is enforced on the replicas.

The password policy information in your directory, such as password age, the
account lockout counter, and the expiration warning counter, is replicated.
However, the configuration information is kept locally and is not replicated. This
information includes the password syntax and the history of password
modifications.

When configuring a password policy in a replicated environment, consider the
following points:

• All replicas issue warnings of an impending password expiration. This
information is kept locally on each server, so if a user binds to several replicas
in turn, the user receives the same warning several times. In addition, if the
user changes the password, it may take time for this information to propagate to
the replicas. If a user changes a password and then immediately rebinds, the
bind may fail until the replica registers the change.

• You want the same bind behavior to occur on all servers, including suppliers
and replicas, so make sure you create the same password policy configuration
information on each server.

• Account lockout counters may not work as expected in a multi-master
environment.
Designing Access Control

Once you decide on one or more authentication schemes to establish the identity
of directory clients, you need to decide how to use those schemes to protect the
information contained in your directory. Access control allows you to specify that
certain clients have access to particular information, while other clients do not.

You specify access control using one or more access control lists (ACLs). Your
directory's ACLs consist of a series of one or more access control information
(ACI) statements that either allow or deny permissions (such as read, write,
search, and compare) on specified entries and their attributes.

Using the ACL, you can set permissions for the following:

• The entire directory.
• A particular subtree of the directory.
• Specific entries in the directory.
• A specific set of entry attributes.
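As an added example (not from the manual), the four scopes listed above written as ACI statements in the Directory Server aci attribute syntax, ready to load with ldapmodify; the suffix dc=example,dc=com, the ou=People subtree and the cn=Directory Administrators group are assumed names.

```ldif
# Constructed example: one ACI for each scope the text lists. The ACI is stored
# in the aci attribute of the entry at which it applies and covers that entry
# and everything below it unless a target narrows it.

# Scope 1, the entire directory: attach to the suffix. Anyone, including
# anonymous binds, may read, search and compare every attribute except
# userPassword, which the != operator excludes.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword")(version 3.0; acl "Anonymous read of directory"; allow (read,search,compare) userdn = "ldap:///anyone";)
# Scope 4, a specific set of attributes: each bound user may write only the
# userPassword attribute of their own entry. Self-service, nothing else.
aci: (targetattr = "userPassword")(version 3.0; acl "Self password change"; allow (write) userdn = "ldap:///self";)

# Scope 2, a particular subtree: attach to ou=People so it applies only there.
# Members of the administrators group may write any attribute of user entries.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Admin group manages People"; allow (write) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)

# Scope 3, a specific entry: a deny on the admin group's own membership
# attribute. Deny wins over any allow, so no ACI-controlled bind, including
# group members granted write elsewhere, can add themselves to this group.
dn: cn=Directory Administrators,ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "uniqueMember")(version 3.0; acl "Protect admin membership"; deny (write) userdn = "ldap:///anyone";)
```

Load the file with ldapmodify as the Directory Manager (for example, `ldapmodify -x -D "cn=Directory Manager" -W -f acis.ldif`), which bypasses ACIs and is therefore the only identity left that can change the protected group.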
174
Red Hat Directory Server Deployment Guide • May 2005