About The Aci Format - Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT Deployment Manual


Any entry that matches a given LDAP search filter.
In addition, you can set permissions for a specific user, for all users belonging to a
specific group, or for all users of the directory. Lastly, you can define access for a
network location such as an IP address or a DNS name.

About the ACI Format

When designing your security policy, it is helpful to understand how ACIs are
represented in your directory. It is also helpful to understand what permissions
you can set in your directory. This section gives you a brief overview of the ACI
mechanism. For a complete description of the ACI format, see the Red Hat Directory
Server Administrator's Guide.
Directory ACIs take the general form:
target permission bind_rule
The ACI variables are defined below:
target — Specifies the entry (usually a subtree) the ACI targets, the attribute it
targets, or both. The target identifies the directory element that the ACI applies
to. An ACI can target only one entry, but it can target multiple attributes. In
addition, the target can contain an LDAP search filter. This allows you to set
permissions for widely scattered entries that contain common attribute values.
permission — Identifies the actual permission being set by this ACI. The
permission says that the ACI is allowing or denying a specific type of directory
access, such as read or search, to the specified target.
bind_rule — Identifies the bind DN or network location (an IP address or a DNS
name) to which the permission applies. The bind rule may also specify an LDAP
filter; if that filter evaluates to true for the binding client application, then
the ACI applies to that client application.
So, ACIs are expressed as follows:
"For the directory object target, allow or deny permission if the
bind_rule is true."
permission and bind_rule are set as a pair, and you can have multiple
permission bind_rule pairs for every target. This allows you to efficiently
set multiple access controls for any given target. For example:
target(permission bind_rule)(permission bind_rule)...
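The general form above, worked through on concrete ACI strings. This is an added example, not code from the manual or from Directory Server: a small Python parser that takes an ACI in the syntax the Administrator's Guide documents (zero or more (target...) rules, then a (version 3.0; acl "name"; allow|deny (rights) bind_rule; ...) block, a wrapper this page does not spell out) and splits it into the target rules, the acl name, and the permission/bind_rule pairs. It then flags allow rules that hand a write-class right to ldap:///anyone or ldap:///all, which is the first thing to look for when reviewing an ACI set. The sample ACIs and the names PEOPLE_ACI, OPEN_ACI, parse_aci and grants_modify_to_everyone are constructed for this example.

```python
"""Split a Directory Server ACI into its target, permission and bind-rule parts.

Added example, not code from the manual. The concrete syntax matched here,
zero or more (target...) rules followed by a
(version 3.0; acl "name"; allow|deny (rights) bind_rule; ...) block, is the
one the Administrator's Guide documents; the ACI strings below are constructed
for this example.
"""
import re

# Rights a permission statement may allow or deny.
KNOWN_RIGHTS = {"read", "write", "add", "delete", "search", "compare",
                "selfwrite", "proxy", "all"}
# Rights that let the bound identity change directory data.
WRITE_RIGHTS = {"write", "add", "delete", "all"}

# One target rule, e.g. (target="ldap:///ou=People,dc=example,dc=com") or
# (targetfilter="(objectClass=person)"). Values are quoted, so a filter's own
# parentheses cannot confuse the match.
TARGET_RE = re.compile(r'\(\s*(target\w*)\s*(!?=)\s*"([^"]*)"\s*\)\s*')
# The block after the targets: version, acl name, then permission statements.
BODY_RE = re.compile(
    r'^\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$', re.DOTALL)
# One permission statement: allow|deny (right[,right...]) bind_rule
PERM_RE = re.compile(r'^(allow|deny)\s*\(\s*([^)]*)\)\s*(.+)$', re.DOTALL)


def _split_statements(body):
    """Split on ';' outside quotes; DNs and filters in bind rules may contain ';'."""
    parts, buf, in_quotes = [], [], False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_aci(text):
    """Return {'targets': [(keyword, op, value)...], 'name': str, 'rules': [...]}.

    Each rule is {'effect': 'allow'|'deny', 'rights': [...], 'bind_rule': str},
    i.e. one (permission bind_rule) pair of the general form. Raises ValueError
    on syntax the parser does not understand.
    """
    text = text.strip()
    if text.lower().startswith("aci:"):      # accept an LDIF attribute line too
        text = text[4:].strip()
    targets, pos = [], 0
    while True:
        m = TARGET_RE.match(text, pos)
        if not m:
            break
        targets.append((m.group(1).lower(), m.group(2), m.group(3)))
        pos = m.end()
    m = BODY_RE.match(text[pos:])
    if not m:
        raise ValueError('expected (version 3.0; acl "name"; ...) after targets')
    rules = []
    for stmt in _split_statements(m.group(2)):
        pm = PERM_RE.match(stmt)
        if not pm:
            raise ValueError("bad permission statement: %r" % stmt)
        rights = [r.strip().lower() for r in pm.group(2).split(",") if r.strip()]
        unknown = set(rights) - KNOWN_RIGHTS
        if unknown:
            raise ValueError("unknown rights: %s" % sorted(unknown))
        rules.append({"effect": pm.group(1), "rights": rights,
                      "bind_rule": pm.group(3).strip()})
    return {"targets": targets, "name": m.group(1), "rules": rules}


def grants_modify_to_everyone(aci):
    """Allow rules that hand a write-class right to ldap:///anyone (anonymous)
    or ldap:///all (any authenticated bind). Such grants deserve review."""
    flagged = []
    for rule in aci["rules"]:
        if rule["effect"] != "allow" or not set(rule["rights"]) & WRITE_RIGHTS:
            continue
        if re.search(r'userdn\s*=\s*"ldap:///(anyone|all)"', rule["bind_rule"]):
            flagged.append(rule)
    return flagged


# Constructed sample ACIs (not from the manual).
PEOPLE_ACI = (
    '(target="ldap:///ou=People,dc=example,dc=com")(targetattr!="userPassword")'
    '(version 3.0; acl "people read";'
    ' allow (read,search,compare) userdn="ldap:///anyone";'
    ' allow (write) groupdn="ldap:///cn=Directory Administrators,dc=example,dc=com";)'
)
OPEN_ACI = ('aci: (targetattr="*")(version 3.0; acl "too open";'
            ' allow (all) userdn="ldap:///all";)')

if __name__ == "__main__":
    for text in (PEOPLE_ACI, OPEN_ACI):
        aci = parse_aci(text)
        print(aci["name"], aci["targets"])
        for rule in aci["rules"]:
            print("   ", rule["effect"], ",".join(rule["rights"]), rule["bind_rule"])
        for rule in grants_modify_to_everyone(aci):
            print("    REVIEW: grants", ",".join(rule["rights"]), "to everyone")
```

Run it against the aci attribute values exported from a directory (one value per call) to get a quick inventory of which identities can modify which targets. The first sample yields two permission/bind_rule pairs on one target and is not flagged; the second grants all rights on every attribute to any authenticated bind and is.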
Chapter 8, Designing a Secure Directory, page 175
