Table of Contents
Advertisement
Creating ACIs from the Console
See "Access Control Usage Examples," on page 242, for a collection of access
control rules commonly used in Directory Server security policies, along with
step-by-step instructions for using the Directory Server Console to create them.
The Access Control Editor does not enable you to construct some of the more
complex ACIs when you are in Visual editing mode. In particular, from the
Access Control Editor you cannot:
•
Deny access (see "Permissions Syntax," on page 218).
•
Create value-based ACIs (see "Targeting Attribute Values Using LDAP
Filters," on page 213).
•
Define parent access (see "Parent Access (parent Keyword)," on page 222).
•
Create ACIs that contain Boolean bind rules (see "Using Boolean Bind Rules,"
on page 236).
•
Generally, create ACIs that use the following keywords:
authmethod
TIP
Displaying the Access Control Editor
Start the Directory Server Console. Log in using the bind DN and password of
1.
a privileged user, such as the Directory Manager, who has write access to the
ACIs configured for the directory.
For instructions, refer to "Using the Directory Server Console," on page 34.
In the Directory Server Console, select the Directory tab.
2.
Right-click the entry in the navigation tree for which you want to set access
3.
control, and select Set Access Permissions from the pop-up menu (Figure 6-2).
Or highlight the entry, and select Set Access Permissions from the Object
menu.
238
Red Hat Directory Server Administrator's Guide • May 2005
.
In the Access Control Editor, you can click on the Edit Manually
button at any time to check the LDIF representation of the changes
you make through the graphical interface.
,
,
roledn
userattr
Advertisement
Table of Contents
Troubleshooting
