Targeting Both An Entry And Attributes; Targeting Entries Or Attributes Using Ldap Filters - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual

Chapter 6. Managing Access Control
attributeX is the name of the targeted attribute. For example, this targets the common name (cn)
attribute:
(targetattr = "cn")
To target an entry's common name, surname, and UID attributes, use the following:
(targetattr = "cn || sn || uid")
The attributes specified in the targetattr keyword apply to the entry that the ACI is
targeting and to all the entries below it. If you target the password attribute on the entry
uid=bjensen,ou=Marketing,dc=example,dc=com, only the password attribute on the bjensen
entry is affected by the ACI because it is a leaf entry.
If, however, you target the tree's branch point ou=Marketing,dc=example,dc=com, then all the
entries beneath the branch point that can contain a password attribute are affected by the ACI.

6.3.2.3. Targeting Both an Entry and Attributes

By default, the entry targeted by an ACI containing a targetattr keyword is the entry on
which the ACI is placed. That is, putting an ACI such as aci: (targetattr = "uid")
(access_control_rules;) on the ou=Marketing,dc=example,dc=com entry means that the ACI
applies to the entire Marketing subtree. However, you can also explicitly specify a target using the
target keyword:
aci: (target="ldap:///ou=Marketing,dc=example,dc=com")(targetattr="uid")(access_control_rules;)
The order in which you specify the target and the targetattr keywords is not important.

6.3.2.4. Targeting Entries or Attributes Using LDAP Filters

You can use LDAP filters to target a group of entries that match certain criteria. To do this, you must
use the targetfilter keyword with an LDAP filter. The syntax of the targetfilter keyword is as
follows:
(targetfilter = "LDAP_filter")
LDAP_filter is a standard LDAP search filter. For more information on the syntax of LDAP search
filters, see Appendix B, Finding Directory Entries.
For example, suppose that all entries in the accounting department include the attribute-value
pair ou=accounting, and all entries in the engineering department include the attribute-value
pair ou=engineering. The following filter targets all the entries in the accounting and
engineering branches of the directory tree:
(targetfilter = "(|(ou=accounting)(ou=engineering))")
This type of filter targets whole entries. You can associate the targetfilter and the targetattr
keywords to create ACIs that apply to a subset of attributes in the targeted entries.
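
The following Python sketch is an added example, not code from the Red Hat manual or from Directory Server. It resolves which entry and attribute pairs an ACI's target section covers, for reviewing whether an ACI reaches further than intended. The sample directory, the function names, and the reduced filter grammar (only &, |, ! and equality tests) are assumptions, and only attributes already present on an entry are listed.

```python
# Constructed sample directory (DN -> attributes); not taken from the manual.
DIRECTORY = {
    "ou=Marketing,dc=example,dc=com": {"ou": ["Marketing"]},
    "uid=bjensen,ou=Marketing,dc=example,dc=com":
        {"uid": ["bjensen"], "cn": ["Barbara Jensen"], "ou": ["accounting"]},
    "uid=jsmith,ou=Marketing,dc=example,dc=com":
        {"uid": ["jsmith"], "cn": ["John Smith"], "ou": ["engineering"]},
    "uid=kwong,ou=Sales,dc=example,dc=com":
        {"uid": ["kwong"], "cn": ["Karen Wong"], "ou": ["accounting"]},
}

def in_subtree(dn, base):
    """True if dn is the base entry itself or lies anywhere below it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def match_filter(flt, attrs):
    """Evaluate a filter limited to &, |, ! and attr=value equality tests."""
    flt = flt.strip()
    if len(flt) < 3 or flt[0] != "(" or flt[-1] != ")":
        raise ValueError("malformed filter: " + flt)
    body = flt[1:-1]
    if body[0] in "&|!":
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(body):
            if ch == "(":
                start = i if depth == 0 else start
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(body[start:i + 1])
        results = [match_filter(p, attrs) for p in parts]
        if body[0] == "!":
            return not results[0]
        return all(results) if body[0] == "&" else any(results)
    attr, value = body.split("=", 1)
    values = attrs.get(attr.strip().lower(), [])
    return value.strip().lower() in [v.lower() for v in values]

def aci_scope(placed_on, targetattr, target=None, targetfilter=None):
    """Return sorted (dn, attribute) pairs covered, for attributes present."""
    base = target[len("ldap:///"):] if target else placed_on
    wanted = {a.strip().lower() for a in targetattr.split("||")}
    pairs = []
    for dn, attrs in DIRECTORY.items():
        if in_subtree(dn, base) and (not targetfilter or match_filter(targetfilter, attrs)):
            pairs += [(dn, a) for a in attrs if a in wanted]
    return sorted(pairs)
```

Comparing the result for an ACI placed on a branch point with the result for the same ACI placed on a leaf entry shows how much wider the branch-point placement reaches.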