Table of Contents
Advertisement
Rights Required for LDAP Operations
This section describes the rights you need to grant to users depending on the type
of LDAP operation you want to authorize them to perform.
Adding an entry:
•
Grant add permission on the entry being added.
•
Grant write permission on the value of each attribute in the entry. This right is
granted by default but could be restricted using the
keyword.
Deleting an entry:
•
Grant delete permission on the entry to be deleted.
•
Grant write permission on the value of each attribute in the entry. This right is
granted by default but could be restricted using the
keyword.
Modifying an attribute in an entry:
•
Grant write permission on the attribute type.
•
Grant write permission on the value of each attribute type. This right is granted
by default but could be restricted using the
Modifying the RDN of an entry:
•
Grant write permission on the entry.
•
Grant write permission on the attribute type used in the new RDN.
•
Grant write permission on the attribute type used in the old RDN, if you want
to grant the right to delete the old RDN.
•
Grant write permission on the value of attribute type used in the new RDN.
This right is granted by default but could be restricted using the
targattrfilters
Comparing the value of an attribute:
•
Grant compare permission on the attribute type.
Searching for entries:
•
Grant search permission on each attribute type used in the search filter.
•
Grant read permission on attribute types used in the entry.
keyword.
Creating ACIs Manually
targattrfilters
targattrfilters
keyword.
targattrfilters
Chapter 6
Managing Access Control
209
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers