Granting Write Access To Personal Entries; Aci "Write Example.com - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Access Control Usage Examples
b.
Click OK.
6.
The new ACI is added to the ones listed in the Access Control Manager
window.

Granting Write Access to Personal Entries

Many directory administrators want to allow internal users to change some but
not all of the attributes in their own entry. The directory administrators at
example.com
number, and home address, but nothing else. This is illustrated in the ACI "Write
example.com" example.
It is also
information in the
connection to the directory. This is illustrated in the ACI "Write Subscribers"
example.

ACI "Write example.com"

NOTE
In LDIF, to grant
home telephone number, and home address, you would write the following
statement:
aci: (targetattr="userPassword || homePhone ||
homePostalAddress") (version 3.0; acl "Write example.com"; allow
(write) userdn= "ldap:///self" and dns="*.example.com";)
This example assumes that the ACI is added to the
ou=example-people,dc=example,dc=com
From the Console, you can set this permission by doing the following:
246 Red Hat Directory Server Administrator's Guide • May 2005
In the attribute table, tick the checkboxes for the
, and
homePostalAddress
All other checkboxes should be clear. This task is made easier if you click
the Check None button to clear the checkoxes for all attributes in the
table, then click the Name header to organize them alphabetically, and
select the appropriate ones.
want to allow users to change their own password, home telephone
's policy to let their subscribers update their own personal
example.com
example.com
By setting this permission, you are also granting users the right to
delete attribute values.
example.com
attributes.
mail
tree, provided that they establish an SSL
employees the right to update their password,
entry.
,
homePhone