Creating Acis Manually; The Aci Syntax - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual

Chapter 6. Managing Access Control
• Group expansion.
The following sections explain how to modify these default settings.

6.3. Creating ACIs Manually

You can create access control instructions manually using LDIF statements and add them to your
directory tree using the ldapmodify utility, similar to the instructions in Section 2.4, "LDIF Update
Statements". The following sections explain in detail how to create the LDIF statements.
NOTE
LDIF ACI statements can be very complex. However, if you are setting access control for
a large number of directory entries, using LDIF is the preferred method because it is faster than
using the Console. To familiarize yourself with LDIF ACI statements, however, you may
want to use the Directory Server Console to set the ACI and then click the Edit Manually
button on the Access Control Editor. This shows you the correct LDIF syntax. If your
operating system allows it, you can even copy the LDIF from the Access Control Editor
and paste it into your LDIF file.

6.3.1. The ACI Syntax

The aci attribute uses the following syntax:
aci: (target)(version 3.0;acl "name";permission bind_rules;)
• target specifies the entry, attributes, or set of entries and attributes for which to control access. The
target can be a distinguished name, one or more attributes, or a single LDAP filter. The target is an
optional part of the ACI.
• version 3.0 is a required string that identifies the ACI version.
• name is a name for the ACI. The name can be any string that identifies the ACI. The ACI name is
required.
• permission specifically outlines what rights are being allowed or denied; for example, read or search
rights.
• bind_rules specify the credentials and bind parameters that a user has to provide to be granted
access. Bind rules can also specifically deny access to certain users or groups of users.
You can have multiple permission-bind rule pairs for each target. This allows you to set multiple
access controls for a given target efficiently. For example:
target(permission bind_rule)(permission bind_rule)...
If you have several ACRs in one ACI statement, the syntax is in the following form:
aci: (target)(version 3.0;acl "name";permission bind_rule; permission bind_rule; ... permission bind_rule;)
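The structure described above can be checked mechanically before an LDIF file is loaded with ldapmodify. The following Python parser is an added example, not code from the manual or from Directory Server; the function names and the sample ACI values are constructed, and it assumes target values and the ACI name are double-quoted.

```python
import re

# Constructed sample ACI values (not from the manual). targetattr, target, allow,
# userdn and groupdn are standard Directory Server ACI keywords.
ONE_RULE = ('(targetattr="userPassword")(version 3.0; acl "Self password change"; '
            'allow (write) userdn="ldap:///self";)')
TWO_RULES = ('(target="ldap:///ou=People,dc=example,dc=com")(targetattr="cn || mail")'
             '(version 3.0; acl "Read for all, write for admins"; '
             'allow (read, search) userdn="ldap:///all"; '
             'allow (write) groupdn="ldap:///cn=Admins,dc=example,dc=com";)')

_TARGET = re.compile(r'\(\s*(\w+)\s*!?=\s*"([^"]*)"\s*\)')
_BODY = re.compile(r'\(\s*version\s+([\d.]+)\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$', re.S)
_RULE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*(.+)$', re.S)

def split_rules(text):
    """Split on ';' but ignore semicolons inside double-quoted strings."""
    parts, buf, quoted = [], "", False
    for ch in text:
        quoted ^= (ch == '"')
        if ch == ";" and not quoted:
            parts.append(buf.strip())
            buf = ""
        else:
            buf += ch
    return [p for p in parts + [buf.strip()] if p]

def parse_aci(value):
    """Parse one aci attribute value; raise ValueError if a required part is missing."""
    v = value.strip()
    body = _BODY.search(v)
    if not body:
        raise ValueError('expected (version 3.0; acl "name"; permission bind_rule;)')
    version, name, rule_text = body.groups()
    if version != "3.0":
        raise ValueError("version must be 3.0, got " + version)
    if not name.strip():
        raise ValueError("the ACI name is required")
    rules = []
    for chunk in split_rules(rule_text):
        m = _RULE.match(chunk)
        if not m:
            raise ValueError("not a permission/bind-rule pair: " + chunk)
        rights = [r.strip() for r in m.group(2).split(",")]
        rules.append({"type": m.group(1), "rights": rights, "bind": m.group(3).strip()})
    if not rules:
        raise ValueError("at least one permission/bind-rule pair is required")
    targets = dict(_TARGET.findall(v[:body.start()]))  # optional part before the version clause
    return {"targets": targets, "name": name, "rules": rules}
```
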
