Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 248

Access Control Usage Examples
In LDIF, to grant
home telephone number, you would write the following statement:
aci: (targetattr="userPassword || homePhone") (version 3.0; acl
"Write Subscribers"; allow (write) userdn= "ldap://self" and
authmethod="ssl";)
This example assumes that the
dc=example,dc=com
example.com
they might delete the attribute, and
billing. Therefore, the home address is business-critical information.
From the Console, you can set this permission by doing the following:
In the Directory tab, right click the Subscribers entry under the
1.
node in the left navigation tree, and choose Set Access Permissions from the
pop-up menu to display the Access Control Manager.
Click New to display the Access Control Editor.
2.
In the Users/Groups tab, in the ACI name field, type
3.
the list of users granted access permission, do the following:
a.
b.
c.
d.
In the Rights tab, tick the checkbox for
4.
are clear.
In the Targets tab, click This Entry to display the
5.
dc=example,dc=com
a.
248 Red Hat Directory Server Administrator's Guide • May 2005
example.com
entry.
subscribers do not have
Select and remove All Users, then click Add.
The Add Users and Groups dialog box is displayed.
Set the Search area to Special Rights, and select Self from the Search
results list.
Click the Add button to list Self in the list of users who are granted access
permission.
Click OK to dismiss the Add Users and Groups dialog box.
suffix in the target directory entry field.
In the filter for subentries field, type the following filter:
(!(unlistedSubscriber=yes))
subscribers the right to update their password and
is added to the
aci ou=subscribers,
access to their home address because
write
needs that information for
example.com
. Make sure the other checkboxes
write
example.com
Write Subscribers
dc=subscribers,
. In