1. Manuals
  2. Brands
  3. Netscape Manuals
  4. Server
  5. NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT
  6. Deployment manual

Targets - Netscape DIRECTORY SERVER 6.01 - DEPLOYMENT Deployment Manual

Hide thumbs
Table of Contents

Advertisement

The ACI variables are defined below:
target
Specifies the entry (usually a subtree) the ACI targets, the attribute it targets, or
both. The target identifies the directory element that the ACI applies to. An ACI
can target only one entry, but it can target multiple attributes. In addition, the
target can contain an LDAP search filter. This allows you to set permissions for
widely scattered entries that contain common attribute values.
permission
Identifies the actual permission being set by this ACI. The permission says that
the ACI is allowing or denying a specific type of directory access, such as read
or search, to the specified target.
bind_rule
Identifies the bind DN or network location to which the permission applies.
The bind rule may also specify an LDAP filter, and if that filter is evaluated to
be true for the binding client application, then the ACI applies to the client
application.
So, ACIs are expressed as follows:
"For the directory object target, allow or deny permission if the
bind_rule is true."
permission and bind_rule are set as a pair, and you can have multiple permission
bind_rule pairs for every target. This allows you to efficiently set multiple access
controls for any given target. For example:
target(permission bind_rule)(permission bind_rule)...
For example, you can set a permission that allows anyone binding as Babs Jensen to
write to Babs Jensen's telephone number. The bind rule in this permission is the
part that states "if you bind as Babs Jensen." The target is Babs Jensen's phone
number, and the permission is write access.

Targets

You must decide what entry is targeted by every ACI you create in your directory.
If you target a directory entry that is a directory branch point, then that branch
point, as well as all of its child entries, are included in the scope of the permission.
If you do not explicitly specify a target entry for the ACI, then the ACI is targeted
to the directory entry that contains the ACI statement. Also, the default set of
attributes targeted by the ACI is any attribute available in the targeted entry's
object class structure.
Designing Access Control
Chapter 7
Designing a Secure Directory
135

Advertisement

Table of Contents
loading

Related Manuals for Netscape NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT

Related Content for Netscape NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT

This manual is also suitable for:

Directory server 6.01

Table of Contents