Creating ACIs Manually
• All authenticated users have search, compare, and read rights to configuration attributes that identify the Administration Server.
The following sections explain how to modify these default settings to suit the
needs of your organization.
Creating ACIs Manually
You can create access control instructions manually using LDIF statements and add them to your directory tree using the ldapmodify utility. The following sections explain in detail how to create the LDIF statements.

TIP
LDIF ACI statements can be very complex. However, if you are setting access control for a large number of directory entries, using LDIF is the preferred method over using the Console because of the time it can save.
To familiarize yourself with LDIF ACI statements, however, you may want to use the Directory Server Console to set the ACI and then click the Edit Manually button on the Access Control Editor. This shows you the correct LDIF syntax. If your operating system allows it, you can even copy the LDIF from the Access Control Editor and paste it into your LDIF file.

The ACI Syntax
The aci attribute uses the following syntax:

aci: (target)(version 3.0;acl "name";permission bind_rules;)

where
• target specifies the entry, attributes, or set of entries and attributes for which you want to control access. The target can be a distinguished name, one or more attributes, or a single LDAP filter. The target is an optional part of the ACI.
• version 3.0 is a required string that identifies the ACI version.
• "name" is a name for the ACI. The name can be any string that identifies the ACI. The ACI name is required.

Red Hat Directory Server Administrator's Guide • May 2005
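A hand-written ACI can be checked against the structure above before it is loaded with ldapmodify. The following Python sketch is an added example, not code from the guide or from Directory Server: it verifies only the optional target group(s), the required version 3.0 string, the required name, and a terminating semicolon. The function names and the sample value are constructed for illustration, the sample uses standard ACI keywords (targetattr, allow, userdn) that this section does not define, and permissions and bind rules are not validated.

```python
import re

# Structural check only, for the form shown above:
#   (target)(version 3.0;acl "name";permission bind_rules;)
# Assumption: target groups may repeat; permissions/bind rules are not validated.
_BODY = re.compile(
    r'^\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;(?P<rules>.*)\)$', re.S)

# Constructed sample value (not taken from the guide).
SAMPLE = ('(targetattr = "userPassword")(version 3.0; '
          'acl "Allow self password change"; allow (write) userdn = "ldap:///self";)')

def split_groups(value):
    """Split an ACI value into top-level (...) groups, ignoring parens in quotes."""
    groups, depth, start, in_quote = [], 0, 0, False
    for i, ch in enumerate(value):
        if ch == '"' and depth > 0:
            in_quote = not in_quote
        elif in_quote:
            continue
        elif ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')'")
            if depth == 0:
                groups.append(value[start:i + 1])
        elif depth == 0 and not ch.isspace():
            raise ValueError(f"unexpected text outside parentheses at offset {i}")
    if depth or in_quote:
        raise ValueError("unterminated parenthesis or quote")
    return groups

def check_aci(value):
    """Return (targets, name, rules) or raise ValueError naming the problem."""
    groups = split_groups(value.strip())
    if not groups:
        raise ValueError("empty ACI value")
    *targets, body = groups          # the target part is optional
    m = _BODY.match(body)
    if not m:
        raise ValueError('last group must begin: version 3.0;acl "name";')
    if not m.group("name").strip():
        raise ValueError("ACI name is required")
    rules = m.group("rules").strip()
    if not rules.endswith(";") or not rules.rstrip(";").strip():
        raise ValueError("permission and bind rules must be present and end with ';'")
    return targets, m.group("name"), rules
```

Pass `check_aci` the text that follows `aci:` in the LDIF file; a `ValueError` identifies which required part is missing or malformed.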