Table of Contents
Advertisement
On the Users/Groups tab, in the ACI name field, type "Group Members". In
3.
the list of users granted access permission, do the following:
Select and remove All Users, then click Add.
a.
The Add Users and Groups dialog box is displayed.
Set the Search area in the Add Users and Groups dialog box to to Special
b.
Rights, and select All Authenticated Users from the Search results list.
Click the Add button to list All Authenticated Users in the list of users who
c.
are granted access permission.
Click OK to dismiss the Add Users and Groups dialog box.
d.
On the Rights tab, tick the checkbox for selfwrite. Make sure the other
4.
checkboxes are clear.
On the Targets tab, type
5.
entry field. In the attribute table, tick the checkbox for the
All other checkboxes should be clear. This task is made easier if you click the
Check None button to clear the checkoxes for all attributes in the table, then
clikc the Name header to organize them alphabetically, and select the
appropriate ones.
Click OK.
6.
The new ACI is added to the ones listed in the Access Control Manager
window.
Defining Permissions for DNs That Contain a
Comma
DNs that contain commas require special treatement within your LDIF ACI
statements. In the target and bind rule portions of the ACI statement, commas must
be escaped by a single backslash (\). The following example illustrates this syntax:
dn: dc=example.com Bolivia\, S.A.,dc=com
objectClass: top
objectClass: organization
aci: (target="ldap:///dc=example.com Bolivia\,
S.A.,dc=com")(targetattr=*) (version 3.0; acl "aci 2"; allow (all)
groupdn = "ldap:///cn=Directory Administrators,dc=example.com
Bolivia\, S.A.,dc=com";)
dc=example,dc=com
Chapter 6
Access Control Usage Examples
suffix in the target directory
attribute.
member
Managing Access Control
245
Advertisement
Table of Contents
