In the above example, if the client wanted to perform an
the command would include the following controls:
#ldapmodify -D "uid=MoneyWizAcctSoftware,
ou=Applications,dc=example,dc=com" -w secretpwd
-y "uid=AcctAdministrator,ou=Administrators,dc=example,dc=com"
The client or application (
privileges of the proxy entry (
password of the proxy entry.
NOTE
Viewing the ACIs for an Entry
You can view all the ACIs under a single suffix in the directory by running the
following
ldapsearch -h host -p port -b baseDN -D rootDN -w rootPassword (aci=*)
aci
See Red Hat Directory Server Configuration, Command, and File Reference for
information on using the
From the Console, you can view all of the ACIs that apply to a particular entry
through the Access Control Manager.
In the Directory Console, on the Directory tab, right-click the entry in the
1.
navigation tree, and select Set Access Permissions.
The Access Control Manager is displayed. It contains a list of the ACIs
belonging to the selected entry.
Check the Show Inherited ACIs checkbox to display all ACIs created on entries
2.
above the selected entry that also apply.
Get Effective Rights Control
Finding the rights on existing attributes within a specific entry offers a convenient
way for administrators to find and control the access rights.
MoneyWizAcctSoftware
AcctAdministrator
You cannot use the directory manager's DN (Root DN) as a proxy
DN. In addition, if Directory Server receives more than one proxied
authentication control, an error is returned to the client application,
and the bind attempt is unsuccessful.
command:
ldapsearch
ldapsearch
ldapsearch
) binds as itself but is granted the
). The client does not need the
utility.
Chapter 6
Viewing the ACIs for an Entry
command,
Managing Access Control
263