Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual page 237

This example assumes that the ACI is added to the
ou=example-people,dc=example,dc=com
From the Console, you can set this permission by doing the following:
On the Directory tab, right click the
1.
tree, and choose Set Access Permissions from the pop-up menu to display the
Access Control Manager.
Click New to display the Access Control Editor.
2.
On the Users/Groups tab, in the ACI name field, type "Roles". In the list of
3.
users granted access permission, do the following:
Select and remove All Users, then click Add.
a.
The Add Users and Groups dialog box is displayed.
Set the Search area in the Add Users and Groups dialog box to to Special
b.
Rights, and select Self from the Search results list.
Click the Add button to list Self in the list of users who are granted access
c.
permission.
Click OK to dismiss the Add Users and Groups dialog box.
d.
On the Rights tab, tick the checkbox for write. Make sure the other checkboxes
4.
are clear.
On the Hosts tab, click Add to display the Add Host Filter dialog box. In the
5.
DNS host filter field, type
To create the value-based filter for roles, switch to manual editing by clicking
6.
the Edit Manually button. Add the following to the beginning of the LDIF
statement:
(targattrfilters="add=nsRoleDN:(nsRoleDN != "cn=superAdmin,
dc=example,dc=com")")
The LDIF statement should read as follows:
(targattrfilters="add=nsRoleDN:(nsRoleDN != "cn=superAdmin,
dc=example,dc=com")") (targetattr = "*") (target =
"ldap:///dc=example,dc=com") (version 3.0; acl "Roles"; allow
(write) (userdn = "ldap:///self") and (dns="*.example.com");)
Click OK.
7.
The new ACI is added to the ones listed in the Access Control Manager
window.
entry.
example.com
. Click OK to dismiss the dialog box.
*.example.com
Chapter 6
Access Control Usage Examples
node in the left navigation
Managing Access Control 237