Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 229

This example assumes that the
Note that the userPassword attribute is excluded from the scope of the ACI.
From the Console, you can set this permission by doing the following:
On the Directory tab, right click the
1.
tree, and choose Set Access Permissions from the pop-up menu to display the
Access Control Manager.
Click New to display the Access Control Editor.
2.
On the Users/Groups tab, in the ACI name field, type "
3.
". Check that All Users is displayed in the list of users granted
example.com
access permission.
On the Rights tab, tick the checkboxes for read, compare, and search rights.
4.
Make sure the other checkboxes are clear.
On the Targets tab, click This Entry to display the
5.
in the target directory entry field. In the attribute table, locate the
attribute and clear the corresponding checkbox.
userPassword
All other checkboxes should be ticked. This task is made easier if you click the
Name header to organize the list of attributes alphabetically.
On the Hosts tab, click Add, and in the DNS host filter field, type
6.
. Click OK to dismiss the dialog box.
*.example.com
Click OK in the Access Control Editor window.
7.
The new ACI is added to the ones listed in the Access Control Manager
window.
ACI "Anonymous World"
In LDIF, to grant read and search access of the individual subscribers subtree to the
world, while denying access to information on unlisted subscribers, you could
write the following statement:
aci: (targetfilter= "(!(unlistedSubscriber=yes))")
(targetattr="homePostalAddress || homePhone || mail") (version 3.0;
acl "Anonymous World"; allow (read, search) userdn=
"ldap:///anyone";)
is added to the
aci dc=example,dc=com entry
example.com
Chapter 6
Access Control Usage Examples
node in the left navigation
Anonymous
dc=example,dc=com
Managing Access Control
.
suffix
229