Proxied Authorization Aci Example - Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual


Access Control Usage Examples

Proxied Authorization ACI Example

For this example, suppose:
The client application's bind DN is "uid=MoneyWizAcctSoftware,ou=Applications,dc=example,dc=com".
The targeted subtree to which the client application is requesting access is ou=Accounting,dc=example,dc=com.
An Accounting Administrator with access permissions to the ou=Accounting,dc=example,dc=com subtree exists in the directory.

In order for the client application to gain access to the Accounting subtree (using the same access permissions as the Accounting Administrator):

The Accounting Administrator must have access permissions to the ou=Accounting,dc=example,dc=com subtree. For example, the following ACI grants all rights to the Accounting Administrator entry:
aci: (target="ldap:///ou=Accounting,dc=example,dc=com")
 (targetattr="*") (version 3.0; acl "allowAll-AcctAdmin"; allow (all)
 userdn="ldap:///uid=AcctAdministrator,ou=Administrators,dc=example,dc=com";)

The following ACI granting proxy rights to the client application must exist in the directory:
aci: (target="ldap:///ou=Accounting,dc=example,dc=com")
 (targetattr="*") (version 3.0; acl "allowproxy-accountingsoftware";
 allow (proxy)
 userdn="ldap:///uid=MoneyWizAcctSoftware,ou=Applications,dc=example,dc=com";)

With this ACI in place, the MoneyWizAcctSoftware client application can bind to the directory and send an LDAP command such as ldapsearch or ldapmodify that requires the access rights of the proxy DN.

In the above example, if the client wanted to perform an ldapsearch command, the command would include the following controls:
#ldapmodify -D "uid=MoneyWizAcctSoftware,ou=Applications,dc=example,dc=com" -w secretpwd
-y "uid=AcctAdministrator,ou=Administrators,dc=example,dc=com"

Note that the client binds as itself, but is granted the privileges of the proxy entry. The client does not need the password of the proxy entry.

Netscape Directory Server Administrator's Guide • January 2002
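
An added example, not part of the Netscape manual: a small audit script that parses ACI values in the format shown above and lists every bind subject holding the proxy right, flagging broad subjects such as ldap:///all or ldap:///anyone. The Payroll ACI and all function names are constructed for illustration, and the script assumes the server rule that the all right does not include proxy.

```python
import re

# Constructed input: the two ACIs from the example above plus one
# hypothetical over-broad grant, added to exercise the check.
SAMPLE_ACIS = [
    '(target="ldap:///ou=Accounting,dc=example,dc=com")(targetattr="*")'
    '(version 3.0; acl "allowAll-AcctAdmin"; allow (all) userdn="ldap:///'
    'uid=AcctAdministrator,ou=Administrators,dc=example,dc=com";)',
    '(target="ldap:///ou=Accounting,dc=example,dc=com")(targetattr="*")'
    '(version 3.0; acl "allowproxy-accountingsoftware"; allow (proxy) userdn='
    '"ldap:///uid=MoneyWizAcctSoftware,ou=Applications,dc=example,dc=com";)',
    '(target="ldap:///ou=Payroll,dc=example,dc=com")(targetattr="*")(version 3.0;'
    ' acl "hypothetical-broad"; allow (read, proxy) userdn="ldap:///all";)',
]
TARGET_RE = re.compile(r'\(\s*target\s*=\s*"([^"]*)"\s*\)', re.I)
NAME_RE = re.compile(r'\bacl\s+"([^"]*)"', re.I)
PERM_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)', re.I)
SUBJECT_RE = re.compile(r'\b(userdn|groupdn|roledn)\s*=\s*"([^"]*)"', re.I)
BROAD = {"anyone", "all"}  # userdn keywords that match many binders

def parse_aci(text):
    """Split one ACI value into target, name, permission and bind subjects."""
    target, name, perm = (r.search(text) for r in (TARGET_RE, NAME_RE, PERM_RE))
    if not (name and perm):
        raise ValueError("not a version 3.0 ACI: %r" % text[:40])
    subjects = []
    for keyword, value in SUBJECT_RE.findall(text):
        for url in value.split("||"):  # several DNs may be OR-ed together
            dn = re.sub(r"(?i)^ldap:///", "", url.strip())
            subjects.append((keyword.lower(), dn))
    return {"target": target.group(1) if target else None,
            "name": name.group(1), "kind": perm.group(1).lower(),
            "rights": {r.strip().lower() for r in perm.group(2).split(",")},
            "subjects": subjects}

def proxy_grants(acis):
    """Return (acl name, target, subject, broad) for each allow(proxy) rule."""
    found = []
    for aci in map(parse_aci, acis):
        # "all" does not include proxy, so only an explicit proxy right counts.
        if aci["kind"] == "allow" and "proxy" in aci["rights"]:
            for _, dn in aci["subjects"]:
                broad = dn.lower() in BROAD or "*" in dn
                found.append((aci["name"], aci["target"], dn, broad))
    return found

if __name__ == "__main__":
    for grant in proxy_grants(SAMPLE_ACIS):
        print(grant)
```

Run against the aci values exported from a directory, the report shows which identities can act with another entry's rights without knowing that entry's password.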
