Bind Rules - Netscape DIRECTORY SERVER 6.1 - DEPLOYMENT Deployment Manual

Compare—Indicates whether the data may be used in comparison operations.
Compare implies the ability to search, but actual directory information is not
returned as a result of the search. Instead, a simple Boolean value is returned that
indicates whether the compared values match. This is used to match
userPassword attribute values during directory authentication.
Selfwrite—Used only for group management. This permission allows someone
to add to or delete themselves from a group.
Add—Indicates whether child entries can be created. This permission allows a
user to create child entries beneath the targeted entry.
Delete—Indicates whether an entry can be deleted. This permission allows a
user to delete the targeted entry.
Proxy—Indicates that the user can use any other DN, except Directory
Manager, to access the directory with the rights of this DN.

Bind Rules

The bind rule usually indicates the bind DN subject to the permission. It can also
specify bind attributes such as time of day or IP address.
Bind rules allow you to easily express that the ACI applies only to a user's own
entry. You can use this to allow users to update their own entries without running
the risk of a user updating another user's entry.
Using bind rules, you can indicate that the ACI is applicable:
Only if the bind operation is arriving from a specific IP address or DNS
hostname. This is often used to force all directory updates to occur from a
given machine or network domain.
If the person binds anonymously. A permission set for anonymous bind
also applies to anyone who binds to the directory.
For anyone who successfully binds to the directory. This allows general access
while preventing anonymous access.
Only if the client has bound as the immediate parent of the entry.
Only if the entry that the person has bound as meets specific LDAP search
criteria.
The following keywords are provided to help you more easily express these kinds
of access:
Designing Access Control
Chapter 7
Designing a Secure Directory
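
The bind-rule cases listed above, written as ACIs in an LDIF change record. This is an added example, not text from the manual: the keywords (userdn, groupdn, ip and the ldap:///self, ldap:///anyone, ldap:///all, ldap:///parent values) are taken from the Directory Server ACI syntax rather than from this page, and the suffix, group DN, attribute choices and address range are constructed.

```ldif
# Added example. The suffix, group DN, attributes and 192.0.2.* network are constructed.
dn: dc=example,dc=com
changetype: modify
add: aci
# Own entry only: ldap:///self matches when the bind DN is the targeted entry,
# so a user cannot update another user's entry through this ACI.
aci: (targetattr="telephoneNumber || mail")(version 3.0; acl "Self update";
  allow (write) userdn="ldap:///self";)
# Updates from one network only: group membership AND source address must match.
aci: (targetattr="*")(version 3.0; acl "Admin updates from mgmt net";
  allow (write, add, delete)
  groupdn="ldap:///cn=Directory Administrators,dc=example,dc=com"
  and ip="192.0.2.*";)
# WEAK if the intent is "authenticated users only": ldap:///anyone covers
# anonymous binds as well as everyone who has bound. Left commented out.
# aci: (targetattr!="userPassword")(version 3.0; acl "Read for anyone";
#   allow (read, search, compare) userdn="ldap:///anyone";)
# Corrected: ldap:///all requires a successful bind, so anonymous clients get nothing.
aci: (targetattr!="userPassword")(version 3.0; acl "Read for bound users";
  allow (read, search, compare) userdn="ldap:///all";)
# Immediate parent only: the bind DN must be the parent of the targeted entry.
aci: (targetattr="*")(version 3.0; acl "Parent manages children";
  allow (write) userdn="ldap:///parent";)
# LDAP search criteria: the entry the client bound as must match the filter.
aci: (targetattr="roomNumber")(version 3.0; acl "Facilities staff edit rooms";
  allow (write) userdn="ldap:///dc=example,dc=com??sub?(ou=Facilities)";)
```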