Defining Permissions for DNs That Contain a Comma; Proxied Authorization ACI Example - Red Hat DIRECTORY SERVER 8.0 - ADMINISTRATION Administration Manual

b. Set the Search area in the Add Users and Groups dialog box to Special Rights, and
select All Authenticated Users from the search results list.
c. Click the Add button to list All Authenticated Users in the list of users who are granted
access permission.
d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, select the checkbox for selfwrite. Make sure the other checkboxes are clear.
5. In the Targets tab, type the dc=example,dc=com suffix in the Target directory entry field. In the
attribute table, select the checkbox for the member attribute.
All other checkboxes should be clear; if it is easier, click the Check None button to clear
the checkboxes for all attributes in the table, then click the Name header to organize them
alphabetically, and select the appropriate ones.
6. Click OK.
The new ACI is added to the ones listed in the Access Control Manager window.

6.9.10. Defining Permissions for DNs That Contain a Comma

DNs that contain commas require special treatment within your LDIF ACI statements. In the target
and bind rule portions of the ACI statement, commas must be escaped by a single backslash (\). For
example:
dn: dc=example.com Bolivia\, S.A.,dc=com
objectClass: top
objectClass: organization
aci: (target="ldap:///dc=example.com Bolivia\, S.A.,dc=com")(targetattr=*)
 (version 3.0; acl "aci 2"; allow (all)
  groupdn = "ldap:///cn=Directory Administrators,dc=example.com Bolivia\, S.A.,dc=com";)
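A target DN whose comma is unescaped, or whose spacing after the escaped comma differs from the entry DN, names a different DN and the ACI silently fails to apply. The following check is an added example, not part of the manual: the function names and sample ACIs are constructed, DN normalization is simplified to trimming and case-folding, and it assumes the target must be the entry holding the ACI or an entry below it.

```python
import re

def split_dn(dn):
    """Split a DN into RDNs on commas that are NOT backslash-escaped."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append(cur)            # bare comma: RDN boundary
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur)
    # Simplified normalization: trim around each RDN, compare case-insensitively.
    return [r.strip().lower() for r in rdns]

def escape_value(value):
    """Escape each bare comma in an RDN value with a single backslash."""
    return re.sub(r"(?<!\\),", r"\\,", value)

def target_in_scope(entry_dn, aci):
    """True if the ACI's target DN is the entry itself or below it."""
    m = re.search(r'\(\s*target\s*=\s*"ldap:///([^"]*)"', aci)
    if not m:
        return True                     # no target keyword: ACI applies to its own entry
    entry, target = split_dn(entry_dn), split_dn(m.group(1))
    return len(target) >= len(entry) and target[-len(entry):] == entry

# Constructed sample data, modeled on the LDIF example above.
ENTRY_DN = "dc=" + escape_value("example.com Bolivia, S.A.") + ",dc=com"
GOOD = '(target="ldap:///dc=example.com Bolivia\\, S.A.,dc=com")(targetattr=*)'
NO_SPACE = '(target="ldap:///dc=example.com Bolivia\\,S.A.,dc=com")(targetattr=*)'
UNESCAPED = '(target="ldap:///dc=example.com Bolivia, S.A.,dc=com")(targetattr=*)'

if __name__ == "__main__":
    for name, aci in [("GOOD", GOOD), ("NO_SPACE", NO_SPACE), ("UNESCAPED", UNESCAPED)]:
        print(name, "in scope" if target_in_scope(ENTRY_DN, aci) else "MISMATCH")
```

Running a check like this over exported LDIF before import flags ACIs that would otherwise load without error yet protect nothing.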

6.9.11. Proxied Authorization ACI Example

Proxied authorization allows one user to bind and perform operations as another user. For example,
example.com has an accounting program which must be able to bind to the directory as an
accounting administrator in order to write data. This authorization assumes three things:
• The client application's bind DN is
"uid=MoneyWizAcctSoftware,ou=Applications,dc=example,dc=com".
• The targeted subtree to which the client application is requesting access is
ou=Accounting,dc=example,dc=com.
• An accounting administrator with access permissions to the
ou=Accounting,dc=example,dc=com subtree exists in the directory.
In order for the client application to gain access to the accounting subtree, using the same access
permissions as the accounting administrator, two ACIs must be set: