Using ACIs: Some Hints and Tricks - Red Hat Directory Server 7.1 - Deployment Manual


Designing Access Control
facsimileTelephoneNumber: +1 408 555 5409
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: tmorris
cn: Ted Morris
userPassword: {SSHA}bz0uCmHZM5b357zwrCUCJs1IOHtMD6yqPyhxBA==
entryLevelRights: vadn
attributeLevelRights: givenName:rsc, sn:rsc, ou:rsc, l:rscow,
manager:rsc, roomNumber:rscwo, mail:rscwo,
facsimileTelephoneNumber:rscwo, objectClass:rsc, uid:rsc,
cn:rsc, userPassword:wo
In this example, Ted Morris has the right to add, view, delete, or rename the DN
on his own entry, as shown by the returns in entryLevelRights. For attributes,
he has the right to read, search, compare, self-modify, or self-delete the location
(l) attribute but only self-write and self-delete rights to his password, as shown in
the attributeLevelRights results.

Information is not given for attributes in an entry that do not have a value; for
example, if the userPassword value is removed, then a future effective rights
search on the entry above would not return any effective rights for
userPassword, even though self-write and self-delete rights could be allowed.
Likewise, if the street attribute were added with read, compare, and search
rights, then street: rsc would appear in the attributeLevelRights return.

You can also view this information through the Console by right-clicking on an
entry, either a group or a user, and selecting "Advanced Properties." Checking
the "Show effective rights" checkbox will show all the attribute-level rights
(r, s, c, w, o) next to the attributes in the list and the entry-level rights
(v, a, d, n) underneath the DN.

For more information about using get effective rights, see the Red Hat Directory
Server Administrator's Guide.
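
As an added example (not from the Red Hat manual), the following Python parses the entryLevelRights and attributeLevelRights values from the listing above, then reports which attributes the user can modify and whether userPassword is readable. The function names and the handling of a literal "none" value are assumptions.

```python
# Added example. SAMPLE is the page's listing (trimmed), folded as LDIF continuation lines.
SAMPLE = """\
uid: tmorris
cn: Ted Morris
entryLevelRights: vadn
attributeLevelRights: givenName:rsc, sn:rsc, ou:rsc, l:rscow,
 manager:rsc, roomNumber:rscwo, mail:rscwo,
 facsimileTelephoneNumber:rscwo, objectClass:rsc, uid:rsc,
 cn:rsc, userPassword:wo
"""
ENTRY = {"v": "view", "a": "add", "d": "delete", "n": "rename DN"}
# On Ted's own entry the page reads w and o as self-write and self-delete.
ATTR = {"r": "read", "s": "search", "c": "compare", "w": "write", "o": "delete"}

def unfold(text):
    """Join LDIF continuation lines (lines that start with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def decode(letters, table):
    # Assumption: a literal "none" (not shown on the page) means no rights.
    if letters == "none":
        return set()
    return {table.get(ch, "unknown:" + ch) for ch in letters}

def parse_effective_rights(text):
    """Return (entry_rights, {attribute: rights}) from a search result."""
    entry, attrs = set(), {}
    for line in unfold(text):
        name, _, value = line.partition(":")
        if name == "entryLevelRights":
            entry = decode(value.strip(), ENTRY)
        elif name == "attributeLevelRights":
            for item in filter(None, (i.strip() for i in value.split(","))):
                attr, _, letters = item.partition(":")
                attrs[attr.strip().lower()] = decode(letters.strip(), ATTR)
    return entry, attrs

def audit(attrs):
    """List modifiable attributes and say whether userPassword is readable."""
    modifiable = sorted(a for a, r in attrs.items() if r & {"write", "delete"})
    # A missing key means "not reported" (attribute has no value), not "no rights".
    pw = attrs.get("userpassword", set())
    return modifiable, bool(pw & {"read", "search", "compare"})
```

Attribute names are lowercased because LDAP attribute names are case-insensitive.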

Using ACIs: Some Hints and Tricks

The following are some ideas that you should keep in mind when you implement
your security policy. They can help to lower the administrative burden of
managing your directory security model and improve your directory's
performance characteristics.
Some of the following hints have already been described earlier in this chapter.
They are included here to provide you with a complete list.
182
Red Hat Directory Server Deployment Guide • May 2005
