Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual page 236

Access Control Usage Examples
This example assumes that the
Note that the userPassword attribute is excluded from the scope of the ACI.
From the Console, you can set this permission by doing the following:
On the Directory tab, right click the
1.
tree, and choose Set Access Permissions from the pop-up menu to display the
Access Control Manager.
Click New to display the Access Control Editor.
2.
On the Users/Groups tab, in the ACI name field, type "
3.
example.com
access permission.
On the Rights tab, tick the checkboxes for read, compare, and search rights.
4.
Make sure the other checkboxes are clear.
On the Targets tab, click This Entry to display the
5.
in the target directory entry field. In the attribute table, locate the
userPassword
All other checkboxes should be ticked. This task is made easier if you click the
Name header to organize the list of attributes alphabetically.
On the Hosts tab, click Add, and in the DNS host filter field, type
6.
*.example.com
Click OK in the Access Control Editor window.
7.
The new ACI is added to the ones listed in the Access Control Manager
window.
ACI "Anonymous World"
In LDIF, to grant read and search access of the individual subscribers subtree to the
world, while denying access to information on unlisted subscribers, you could
write the following statement:
aci: (targetfilter= "(!(unlistedSubscriber=yes))")
(targetattr="homePostalAddress || homePhone || mail") (version 3.0;
acl "Anonymous World"; allow (read, search) userdn=
"ldap:///anyone";)
236 Netscape Directory Server Administrator's Guide • August 2002
is added to the
aci
". Check that All Users is displayed in the list of users granted
attribute and clear the corresponding checkbox.
. Click OK to dismiss the dialog box.
dc=example,dc=com entry
node in the left navigation
example.com
Anonymous
dc=example,dc=com
.
suffix