6. In the Filter for subentries field, type the following filter:
(!(unlistedSubscriber=yes))
7. In the attribute table, select the checkboxes for the homePhone, homePostalAddress, and
mail attributes.
All other checkboxes should be clear; if it is easier, click the Check None button to clear
the checkboxes for all attributes in the table, then click the Name header to organize them
alphabetically, and select the appropriate ones.
8. Click OK.
The new ACI is added to the ones listed in the Access Control Manager window.
6.9.2. Granting Write Access to Personal Entries
Many directory administrators want to allow internal users to change some but not all of the attributes
in their own entry. The directory administrators at example.com want to allow users to change their
own password, home telephone number, and home address, but nothing else. This is illustrated in
Section 6.9.2.1, "ACI "Write example.com"".
It is also example.com's policy to let their subscribers update their own personal information in the
example.com tree, provided that they establish an SSL connection to the directory. This is illustrated
in Section 6.9.2.2, "ACI "Write Subscribers"".
6.9.2.1. ACI "Write example.com"
NOTE
By setting this permission, you are also granting users the right to delete attribute values.
In LDIF, the ACI that grants example.com employees the right to update their password, home
telephone number, and home address is the following:
aci: (targetattr="userPassword || homePhone ||
  homePostalAddress") (version 3.0; acl "Write example.com"; allow
  (write) userdn="ldap:///self" and dns="*.example.com";)
This example assumes that the ACI is added to the ou=example-people,dc=example,dc=com
entry.
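The following is an added example, not part of the guide: a Python check that reads aci values from LDIF and reports self-write rules that reach beyond the three attributes this section's policy allows. The function name, the sample LDIF and the two broader ACIs in it are constructed for illustration.

```python
import re

# Policy stated in this section: users may write only these attributes in their own entry.
ALLOWED = {"userpassword", "homephone", "homepostaladdress"}

# Pulls targetattr, ACL name, permissions and bind rule out of one unfolded aci value.
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?acl\s+"(?P<name>[^"]*)"\s*;\s*allow\s*\((?P<perms>[^)]*)\)(?P<bind>.*);\s*\)\s*$',
    re.I | re.S)

def audit_self_write(ldif):
    """Return (acl name, finding) pairs for self-write ACIs broader than ALLOWED."""
    findings = []
    # LDIF folds long values: a newline followed by one space continues the line.
    for line in ldif.replace("\n ", "").splitlines():
        if not line.lower().startswith("aci:"):
            continue
        m = ACI_RE.search(line)
        if m is None:
            findings.append(("?", "no targetattr clause parsed, review by hand"))
            continue
        perms = {p.strip().lower() for p in m["perms"].split(",")}
        if "ldap:///self" not in m["bind"].lower() or not perms & {"write", "all"}:
            continue  # not a rule that lets users modify their own entry
        attrs = {a.strip().lower() for a in m["attrs"].split("||")}
        extra = sorted(attrs - ALLOWED)
        if m["op"] == "!=" or "*" in attrs:
            findings.append((m["name"], "open-ended attribute set"))
        elif extra:
            findings.append((m["name"], "extra attributes: " + ", ".join(extra)))
    return findings

# Constructed sample: the ACI from this section followed by two made-up, broader ones.
SAMPLE = '''dn: ou=example-people,dc=example,dc=com
aci: (targetattr="userPassword || homePhone ||
  homePostalAddress") (version 3.0; acl "Write example.com"; allow
  (write) userdn="ldap:///self" and dns="*.example.com";)
aci: (targetattr="*") (version 3.0; acl "Self all"; allow (write)
  userdn="ldap:///self";)
aci: (targetattr="homePhone || manager") (version 3.0; acl "Self mgr";
  allow (read, write) userdn="ldap:///self";)
'''

if __name__ == "__main__":
    for name, finding in audit_self_write(SAMPLE):
        print(f"{name}: {finding}")
```

The ACI from this section produces no finding; the two constructed ACIs are reported because one targets every attribute and the other adds manager to the self-writable set.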
From the Console, set this permission by doing the following:
1. In the Directory tab, right-click the example-people entry under the example.com node in the
left navigation tree, and choose Set Access Permissions from the pop-up menu to display the
Access Control Manager.
2. Click New to display the Access Control Editor.
3. In the Users/Groups tab, in the ACI name field, type Write example.com. In the list of users
granted access permission, do the following: