Table of Contents
Advertisement
Creating ACIs Manually
Creating ACIs Manually
You can create access control instructions manually using LDIF statements, and
add them to your directory tree using the
sections explain in detail how to create the LDIF statements.
TIP
The ACI Syntax
The
aci
aci: (target)(version 3.0;acl "name";permission bind_rules;)
where
•
target
you want to control access. The target can be a distinguished name, one or
more attributes, or a single LDAP filter. The target is an optional part of the
ACI.
•
version 3.0
•
"name"
ACI. The ACI name is required.
•
permission
(for example, read or search rights).
•
bind_rules
to be granted access. Bind rules can also specifically deny access to certain
users or groups of users.
194
Netscape Directory Server Administrator's Guide • May 2002
LDIF ACI statements can be very complex. However, if you are
setting access control for a large number of directory entries, using
LDIF is the preferred method over using the Console because of the
time it can save.
To familiarize yourself with LDIF ACI statements, however, you
may want to use the Directory Server Console to set the ACI and
then click the Edit Manually button on the Access Control Editor.
This shows you the correct LDIF syntax. If your operating system
allows it, you can even copy the LDIF from the Access Control
Editor and paste it into your LDIF file.
attribute uses the following syntax:
specifies the entry, attributes, or set of entries and attributes for which
is a required string that identifies the ACI version.
is a name for the ACI. The name can be any string that identifies the
specifically outlines what rights you are either allowing or denying
specify the credentials and bind parameters that a user has to provide
utility. The following
ldapmodify
Advertisement
Table of Contents
