Table of Contents
Advertisement
See "Access Control Usage Examples," on page 229 for a collection of access control
rules commonly used in Directory Server security policies, along with step-by-step
instructions for using the Directory Server Console to create them.
The Access Control Editor does not enable you to construct some of the more
complex ACIs when you are in Visual editing mode. In particular, from the Access
Control Editor you cannot:
•
Deny access (see "Permissions Syntax," on page 205)
•
Create value-based ACIs (see "Targeting Attribute Values Using LDAP
Filters," on page 200)
•
Define parent access (see "Parent Access (parent Keyword)," on page 209)
•
Create ACIs that contain Boolean bind rules (see "Using Boolean Bind Rules,"
on page 223)
•
Generally, create ACIs that use the following keywords:
authmethod
TIP
In the Access Control Editor, you can click on the Edit Manually
button at any time to check the LDIF representation of the changes
you make through the graphical interface.
Displaying the Access Control Editor
Start the Directory Server Console. Log in using the bind DN and password of
1.
a privileged user such as the directory manager who has write access to the
ACIs configured for the directory.
For instructions, refer to "Using the Directory Server Console," on page 28.
On the Directory Server Console, select the Directory tab.
2.
Right-click the entry in the navigation tree for which you want to set access
3.
control, and select Set Access Permissions from the pop-up menu (Figure 6-2).
Alternatively, highlight the entry, and select Set Access Permissions from the
Object menu.
Creating ACIs From the Console
,
roledn
userattr
Chapter 6
Managing Access Control
,
225
Advertisement
Table of Contents
