Netscape Directory Server 6.01 Deployment Manual: Using Filtered Access Control Rules; Using ACIs: Some Hints and Tricks

Designing Access Control

Using Filtered Access Control Rules

One of the more powerful features of the Directory Server ACI model is the ability
to use LDAP search filters to set access control. LDAP search filters allow you to
set access to any directory entry that matches a defined set of criteria. For
example, you could allow read access for any entry that contains an
organizationalUnit attribute that is set to Marketing.

Filtered access control rules let you use predefined levels of access. For example,
suppose your directory contains home address and telephone number information.
Some people want to publish this information, while others want to be "unlisted."
You can handle this situation by doing the following:

1. Create an attribute on every user's directory entry called
   publishHomeContactInfo.

2. Set an access control rule that grants read access to the homePostalAddress and
   homePhone attributes only for entries whose publishHomeContactInfo attribute is
   set to TRUE (meaning enabled). Use an LDAP search filter to express the target
   for this rule.

3. Allow your directory users to change the value of their own
   publishHomeContactInfo attribute to either TRUE or FALSE. In this way, the
   directory user can decide whether this information is publicly available.

For more information about using LDAP search filters, and on using LDAP search
filters with ACIs, see the Netscape Directory Server Administrator's Guide.
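The three steps above written out as ACIs in Netscape-style LDIF. This is an added example, not text from the Deployment Guide; it assumes the suffix dc=example,dc=com, a user entry uid=jdoe, and that publishHomeContactInfo has already been added to the schema as a Boolean attribute.

```ldif
# Added example (not from the manual): ACIs for the "unlisted" home-contact
# scheme. Assumes suffix dc=example,dc=com and that publishHomeContactInfo is
# defined in the schema with Boolean syntax (values TRUE/FALSE). Directory
# Server denies by default, so without these ACIs nobody can read the
# attributes at all.

# Step 2: expose homePostalAddress/homePhone only on entries that themselves
# carry publishHomeContactInfo=TRUE. The targetfilter is evaluated against the
# entry being read, so an entry with FALSE, or with no such attribute at all,
# stays unlisted. "ldap:///anyone" includes anonymous binds; use
# "ldap:///all" instead if only authenticated users should see listed data.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="homePostalAddress || homePhone")
  (targetfilter="(publishHomeContactInfo=TRUE)")
  (version 3.0; acl "Read home contact info when published";
  allow (read,search,compare) userdn="ldap:///anyone";)
-
# Step 3: each user may write only their own flag. Restricting targetattr to
# publishHomeContactInfo keeps this grant from touching any other attribute.
add: aci
aci: (targetattr="publishHomeContactInfo")
  (version 3.0; acl "Users toggle own home contact publication";
  allow (write) userdn="ldap:///self";)

# Step 1: a constructed user entry carrying the flag. Changing TRUE to FALSE
# (one modify by the user) immediately removes the entry from the listing.
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
replace: publishHomeContactInfo
publishHomeContactInfo: TRUE
```

Load the file with ldapmodify as the Directory Manager, then check the result by binding anonymously and searching for homePhone on an entry whose flag is FALSE: the attribute should not be returned.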

Using ACIs: Some Hints and Tricks

The following are some ideas that you should keep in mind when you implement
your security policy. They can help to lower the administrative burden of
managing your directory security model and improve your directory's
performance characteristics.

Some of the following hints have already been described earlier in this chapter.
They are included here to provide you with a complete list.

- Minimize the number of ACIs in your directory.
  Although Directory Server can evaluate over 50,000 ACIs, it is difficult to
  manage a large number of ACI statements. A large number of ACIs makes it
  hard for you to determine immediately which directory objects are available to
  particular clients.
Netscape Directory Server Deployment Guide • January 2002
