Table of Contents
Advertisement
In the above example, if the client wanted to perform an
the command would include the following controls:
#ldapmodify -D "uid=MoneyWizAcctSoftware,
ou=Applications,dc=example,dc=com" -w secretpwd
-y "uid=AcctAdministrator,ou=Administrators,dc=example,dc=com"
Note that the client binds as itself, but is granted the privileges of the proxy entry.
The client does not need the password of the proxy entry.
NOTE
Viewing the ACIs for an Entry
You can view all the ACIs under a single suffix in the directory by running the
following
ldapsearch -h host -p port -b baseDN -D rootDN -w rootPassword (aci=*) aci
See Netscape Directory Server Configuration, Command, and File Reference for
information on using the
From the Console, you can view all of the ACIs that apply to a particular entry
through the Access Control Manager.
In the Directory Console, on the Directory tab, right-click the entry in the
1.
navigation tree, and select Set Access Permissions.
The Access Control Manager is displayed. It contains a list of the ACIs
belonging to the selected entry.
Check the Show Inherited ACIs checkbox to display all ACIs created on entries
2.
above the selected entry that also apply.
Advanced Access Control: Using Macro ACIs
In organizations that use repeating directory tree structures, it is possible to
optimize the number of ACIs used in the directory by using macros. Reducing the
number of ACIs in your directory tree makes it easier to manage your access
control policy, and improves the efficiency of ACI memory usage.
You cannot use the directory manager's DN (Root DN) as a proxy
DN. In addition, if Directory Server receives more than one proxied
authentication control, an error is returned to the client application
and the bind attempt is unsuccessful.
command:
ldapsearch
ldapsearch
ldapsearch
utility.
Chapter 6
Viewing the ACIs for an Entry
command,
Managing Access Control
249
Advertisement
Table of Contents
