Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual page 239

On the Targets tab, click This Entry to display the
5.
in the target directory entry field. In the attribute table, tick the checkboxes for
the ,
homePhone homePostalAddress
All other checkboxes should be clear. This task is made easier if you click the
Check None button to clear the checkoxes for all attributes in the table, then
clikc the Name header to organize them alphabetically, and select the
appropriate ones.
On the Hosts tab, click Add to display the Add Host Filter dialog box. In the
6.
DNS host filter field, type
Click OK in the Access Control Editor window.
7.
The new ACI is added to the ones listed in the Access Control Manager
window.
ACI "Write Subscribers"
NOTE By setting this permission, you are also granting users the right to
delete attribute values.
In LDIF, to grant
example.com
home telephone number, you would write the following statement:
aci: (targetattr="userPassword || homePhone") (version 3.0; acl
"Write Subscribers"; allow (write) userdn= "ldap://self" and
authmethod="ssl";)
This example assumes that the
dc=example,dc=com
Note that
example.com
because they might delete the attribute, and
for billing. Therefore, the home address is business-critical information.
From the Console, you can set this permission by doing the following:
On the Directory tab, right click the Subscribers entry under the
1.
node in the left navigation tree, and choose Set Access Permissions from the
pop-up menu to display the Access Control Manager.
Click New to display the Access Control Editor.
2.
, and
*.example.com
subscribers the right to update their password and
is added to the
aci
entry.
subscribers do not have write access to their home address,
Access Control Usage Examples
dc=example,dc=com
attributes.
userPassword
. Click OK to dismiss the dialog box.
ou=subscribers,
needs that information
example.com
Chapter 6 Managing Access Control
suffix
example.com
239