Chapter 8. Designing a Secure Directory
Permission: Proxy
Description: Indicates that the user can use any other DN, except Directory Manager, to access the directory with the rights of this DN.
8.7.1.3. Bind Rules
The bind rule usually identifies the bind DN to which the permission applies. It can also constrain the
bind by attributes of the connection, such as the time of day or the client's IP address.
Bind rules easily express that the ACI applies only to a user's own entry. This allows users to update
their own entries without running the risk of a user updating another user's entry.
Bind rules indicate that the ACI is applicable in specific situations:
• Only if the bind operation is arriving from a specific IP address or DNS hostname. This is often used
to force all directory updates to occur from a given machine or network domain.
• If the client binds anonymously. A permission granted to anonymous binds also applies to every
authenticated client, because anyone who binds to the directory satisfies it as well.
• For anyone who successfully binds to the directory. This allows general access while preventing
anonymous access.
• Only if the client has bound as the immediate parent of the entry.
• Only if the entry as which the client has bound matches specific LDAP search criteria.
The Directory Server provides several keywords to more easily express these kinds of access:
• Parent. If the bind DN is the immediate parent of the target entry, then the bind rule is true. This
means that specific permissions can be granted that allow a directory branch point to manage its
immediate child entries.
• Self. If the bind DN is the same as the entry being accessed, then the bind rule is true. Specific
permission can be granted to allow individuals to update their own entries.
• All. The bind rule is true for anyone who has successfully bound to the directory.
• Anyone. The bind rule is true for everyone. This keyword is used to allow or deny anonymous
access.
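The following LDIF is an added example, not taken from the Deployment Guide or shipped with Directory Server. It shows the bind-rule situations listed above (source address, anonymous versus authenticated bind, parent, self, and a search filter on the bind entry) written as ACIs in Directory Server syntax. The suffix dc=example,dc=com, the ou=People container, the 192.168.10.* network, and the attribute names salary and departmentNumber are assumptions chosen for the example.

```ldif
# Constructed example (not from the Deployment Guide). Assumes the suffix
# dc=example,dc=com with user entries under ou=People, and the attributes
# salary and departmentNumber in the schema.
# Load it as Directory Manager, for example:
#   ldapmodify -x -H ldap://localhost -D "cn=Directory Manager" -W -f bind-rules.ldif
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
# anyone: anonymous clients (and therefore every authenticated client too)
# may read and search everything except passwords and the ACIs themselves.
aci: (targetattr != "userPassword || aci")(version 3.0; acl "Anonymous read"; allow (read, search, compare) userdn = "ldap:///anyone";)
# all: only clients that completed a bind may read the mail attribute;
# anonymous access is excluded.
aci: (targetattr = "mail")(version 3.0; acl "Authenticated read of mail"; allow (read, search, compare) userdn = "ldap:///all";)
# self: a user may change the password on its own entry, and only its own,
# and only over a TLS-protected connection.
aci: (targetattr = "userPassword")(version 3.0; acl "Self password change"; allow (write) userdn = "ldap:///self" and authmethod = "ssl";)
# parent: the entry directly above the target may add and delete its
# immediate child entries, so a branch point manages its own subtree.
aci: (targetattr = "*")(version 3.0; acl "Parent manages children"; allow (add, delete) userdn = "ldap:///parent";)
# bind attributes: telephoneNumber may be updated only by bound clients
# connecting from the assumed admin network, on weekdays, 08:00 to 18:00.
aci: (targetattr = "telephoneNumber")(version 3.0; acl "Updates from admin LAN"; allow (write) userdn = "ldap:///all" and ip = "192.168.10.*" and timeofday >= "0800" and timeofday <= "1800" and dayofweek = "Mon, Tue, Wed, Thu, Fri";)
# search criteria on the bind entry: the LDAP URL form applies the filter to
# the entry the client bound as, so only HR entries can read salary.
aci: (targetattr = "salary")(version 3.0; acl "HR reads salary"; allow (read, search, compare) userdn = "ldap:///dc=example,dc=com??sub?(departmentNumber=HR)";)
```

Two points to check when adapting this. Because `anyone` includes authenticated binds, sensitive attributes such as userPassword must be excluded from the anonymous rule itself rather than being left for a later rule to cover. The `ip` (and `dns`) bind attributes constrain the address the server observes, so behind a load balancer or proxy every client appears to come from the same host and the rule no longer distinguishes them; `dns` additionally depends on reverse DNS lookups succeeding.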
8.7.2. Setting Permissions
By default, all users are denied access rights of any kind, with the exception of the Directory Manager.
Consequently, ACIs must be set in the directory before any other user can access its data.
For information about how to set ACIs in the directory, refer to the Red Hat Directory Server
Administrator's Guide.
8.7.2.1. The Precedence Rule
When a user attempts any kind of access to a directory entry, Directory Server examines the access
control set in the directory. To determine access, Directory Server applies the precedence rule. This