Table of Contents
Advertisement
In the attribute table, tick the checkboxes for the
b.
homePostalAddress
All other checkboxes should be clear. This task is made easier if you click
the Check None button to clear the checkoxes for all attributes in the table,
then click the Name header to organize them alphabetically, and select the
appropriate ones.
Click OK.
6.
The new ACI is added to the ones listed in the Access Control Manager
window.
Granting Write Access to Personal Entries
Many directory administrators want to allow internal users to change some but not
all of the attributes in their own entry. The directory administrators at
want to allow users to change their own password, home telephone
example.com
number, and home address, but nothing else. This is illustrated in the ACI "Write
example.com" example.
It is also
example.com
information in the
example.com
connection to the directory. This is illustrated in the ACI "Write Subscribers"
example.
ACI "Write example.com"
By setting this permission, you are also granting users the right to
NOTE
delete attribute values.
In LDIF, to grant
example.com
home telephone number and home address, you would write the following
statement:
aci: (targetattr="userPassword || homePhone || homePostalAddress")
(version 3.0; acl "Write example.com"; allow (write) userdn=
"ldap:///self" and dns="*.example.com";)
This example assumes that the ACI is added to the
ou=example-people,dc=example,dc=com
, and
attributes.
mail
's policy to let their subscribers update their own personal
tree provided that they establish an SSL
employees the right to update their password,
Access Control Usage Examples
homePhone
entry.
Chapter 6
Managing Access Control
,
233
Advertisement
Table of Contents
