Security Design - Netscape DIRECTORY SERVER 6.01 - DEPLOYMENT Deployment Manual

Security Design

example.com decides on the following security design to protect its directory data:

- example.com creates an ACI that allows employees to modify their own entries. Users can modify all attributes except the uid, manager, and department attributes.

- To protect the privacy of employee data, example.com allows only the employee and an employee's manager to see the employee's home address and phone number.

- example.com creates an ACI at the root of the directory tree that allows the two administrator groups the appropriate directory permissions. The directory administrators group needs full access to the directory. The messaging administrators group needs write and delete access to the mailRecipient and mailGroup object classes, the attributes contained on those object classes, as well as the mail attribute. example.com also grants the messaging administrators group write, delete, and add permissions to the group subdirectory for creation of mail groups.

- A general access control is created on the root of the directory tree that allows anonymous access for read, search, and compare access. This ACI denies anonymous users access to password information.

- To protect the server from denial of service attacks and inappropriate use, example.com sets resource limits based on the DN used by directory clients to bind. example.com allows anonymous users to receive 100 entries at a time in response to search requests, administrator users to receive 1,000 entries, and system administrators to receive an unlimited number of entries. For more information about setting resource limits based on the bind DN, refer to "User Account Management" in the Netscape Directory Server Administrator's Guide.

- example.com creates a password policy where passwords must be at least 8 characters in length and expire after 90 days. For more information about password policies, refer to "Designing a Password Policy," on page 129.

- example.com creates an ACI that gives members of the accounting role access to all payroll information.

Chapter 8 Directory Design Examples: An Enterprise, page 153
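The design above expressed as LDIF that could be applied to the server with ldapmodify. This is an added example written for this page, not text from the manual: the administrator group DNs, the ou=Groups and ou=People containers, the uid=admin1 entry and the mailRecipient attribute subset are assumptions. Because Netscape ACIs only grant rights (anything not allowed is denied), the anonymous ACI has to exclude the home attributes as well as userPassword, or the self/manager restriction would never take effect.

```ldif
# Added example (not from the manual): group DNs, ou=Groups, uid=admin1 and the
# mail attribute list are assumptions. ACIs are allow-only with implicit deny, so
# the anonymous ACI must also exclude the home attributes the self/manager ACI protects.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword || homePostalAddress || homePhone")
 (version 3.0; acl "Anonymous read, search, compare";
  allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr != "uid || manager || department")
 (version 3.0; acl "Employees modify their own entry";
  allow (write) userdn = "ldap:///self";)
aci: (targetattr = "homePostalAddress || homePhone")
 (version 3.0; acl "Home contact details: self and manager only";
  allow (read, search, compare) userdn = "ldap:///self" or userattr = "manager#USERDN";)
aci: (targetattr = "*")(version 3.0; acl "Directory administrators: full access";
  allow (all) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";)
aci: (targetattr = "mail || mailHost || mailAlternateAddress")
 (targetfilter = "(|(objectClass=mailRecipient)(objectClass=mailGroup))")
 (version 3.0; acl "Messaging administrators: mail attributes";
  allow (write, delete) groupdn = "ldap:///cn=Messaging Administrators,ou=Groups,dc=example,dc=com";)

# Mail-group creation in the group subtree; add and delete are entry-level rights.
dn: ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Messaging administrators: mail groups";
  allow (write, delete, add) groupdn = "ldap:///cn=Messaging Administrators,ou=Groups,dc=example,dc=com";)

# Password policy: 8-character minimum, expiry after 90 days (passwordMaxAge is in
# seconds). nsslapd-sizelimit is the server-wide limit that anonymous binds receive.
dn: cn=config
changetype: modify
replace: passwordMinLength
passwordMinLength: 8
-
replace: passwordExp
passwordExp: on
-
replace: passwordMaxAge
passwordMaxAge: 7776000
-
replace: nsslapd-sizelimit
nsslapd-sizelimit: 100

# Per-bind-DN size limit on an administrator entry: 1,000 entries per search.
# A system administrator entry would carry nsSizeLimit: -1, meaning unlimited.
dn: uid=admin1,ou=People,dc=example,dc=com
changetype: modify
replace: nsSizeLimit
nsSizeLimit: 1000
```

Continuation lines that begin with two spaces unfold to a single space inside the ACI string, which is where the ACI grammar needs one; lines that begin with one space unfold with no space.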
