Bind Rules - Netscape Directory Server 6.2 Deployment Manual

You can allow or deny the following permissions:

Read—Indicates whether directory data may be read.

Write—Indicates whether directory data may be changed or created. This permission also allows attribute values to be deleted from an entry, but not the entry itself. To delete an entire entry, the user must have the Delete permission.

Search—Indicates whether the directory data can be searched. This differs from the Read permission in that Read allows directory data to be viewed if it is returned as part of a search operation. For example, if you allow searching on common names and reading of a person's room number, then the room number can be returned as part of a search on the common name, but the room number itself cannot be used as a search term. This prevents people from searching your directory to see who sits in a particular room.

Compare—Indicates whether the data may be used in comparison operations. Compare implies the ability to search, but no directory information is returned by the search. Instead, a simple Boolean value is returned that indicates whether the compared values match. This is used to match userPassword attribute values during directory authentication.

Selfwrite—Used only for group management. This permission allows users to add themselves to, or delete themselves from, a group.

Add—Indicates whether child entries can be created. This permission allows a user to create child entries beneath the targeted entry.

Delete—Indicates whether an entry can be deleted. This permission allows a user to delete the targeted entry.

Proxy—Indicates that the user can use any other DN, except Directory Manager, to access the directory with the rights of that DN. Because it lets one bind identity act as another, grant it only to tightly controlled service accounts.

Bind Rules

The bind rule usually indicates the bind DN subject to the permission. It can also specify bind attributes such as time of day or IP address.

Bind rules allow you to express easily that the ACI applies only to a user's own entry. You can use this to allow users to update their own entries without running the risk of a user updating another user's entry.

Using bind rules, you can indicate that the ACI is applicable:

Only if the bind operation arrives from a specific IP address or DNS hostname. This is often used to force all directory updates to occur from a given machine or network domain. The address checked is the one the server sees on the connection, so clients behind a NAT or load balancer all present the same address.
Designing Access Control
Chapter 7
Designing a Secure Directory
157
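As an added example (not from the manual, and not Netscape's code), the following Python parses aci values written in the ACI syntax that the permissions and bind rules above are expressed in, reproduces the room-number case by working out which rights an anonymous bind ends up with on each attribute, and flags ACIs that leave write, delete, selfwrite or proxy open to anyone. The sample ACIs, the suffix dc=example,dc=com, the subnet 192.168.10.*, the reading of "all" as every right except proxy, and the simplified evaluation (no target scoping) are assumptions made for this illustration.

```python
# Added example: audit Netscape Directory Server ACI values for risky grants.
# The ACIs, the suffix dc=example,dc=com and this evaluator are constructed, not from the manual.
import re
from collections import namedtuple

# "all" = every right except proxy (assumed from the Netscape/Sun/389 ACI syntax).
ALL_RIGHTS = {"read", "write", "search", "delete", "compare", "selfwrite"}
# Rights that change data or impersonate (selfwrite: self-enrolment into groups).
MUTATING = {"write", "add", "delete", "selfwrite", "proxy"}
OPEN_SUBJECTS = {"ldap:///anyone": "anonymous", "ldap:///all": "any authenticated user"}

ACI_RE = re.compile(r'^\s*(?P<targets>(?:\([^()]*\)\s*)*)\(version\s+3\.0\s*;\s*acl\s+'
                    r'"(?P<name>[^"]*)"\s*;\s*(?P<body>.*)\)\s*$', re.S)
TARGET_RE = re.compile(r'\(\s*(\w+)\s*(!?=)\s*"([^"]*)"\s*\)')
RULE_RE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*(.*?)\s*;', re.S)
BIND_TERM_RE = re.compile(r'(userdn|groupdn|roledn|userattr|ip|dns|dayofweek|'
                          r'timeofday|authmethod)\s*(!?=)\s*"([^"]*)"')

Rule = namedtuple("Rule", "kind rights bind terms")  # bind: raw bind rule text
Aci = namedtuple("Aci", "name targets rules")         # targets: keyword -> (op, value)

SAMPLE_ACIS = [
    # The manual's example: cn is searchable, roomNumber readable but not
    # searchable, so (cn=Bob) returns his room but (roomNumber=101) matches nothing.
    '(targetattr="cn")(version 3.0; acl "cn search"; allow (read, search) userdn="ldap:///anyone";)',
    '(targetattr="roomNumber")(version 3.0; acl "room read only"; allow (read) userdn="ldap:///anyone";)',
    # Users may change only their own password, and only from the office subnet.
    '(targetattr="userPassword")(version 3.0; acl "self password"; '
    'allow (write) (userdn="ldap:///self" and ip="192.168.10.*");)',
    # Members may add or remove their own DN in the list, nothing else.
    '(target="ldap:///cn=announce,ou=Groups,dc=example,dc=com")(targetattr="member")'
    '(version 3.0; acl "self join"; allow (selfwrite) userdn="ldap:///all";)',
    # Misconfiguration: every right except proxy for anonymous binds, tree-wide;
    # the deny strips only delete, because deny takes precedence over allow.
    '(target="ldap:///dc=example,dc=com")(targetattr="*")(version 3.0; acl "too open"; '
    'allow (all) userdn="ldap:///anyone"; deny (delete) userdn="ldap:///anyone";)',
]

def expand_rights(spec):
    out = set()
    for right in (r.strip().lower() for r in spec.split(",")):
        out |= ALL_RIGHTS if right == "all" else {right} if right else set()
    return out

def parse_aci(value):
    """Split one aci attribute value into its targets and allow/deny rules."""
    m = ACI_RE.match(value)
    if not m:
        raise ValueError("not an ACI: %r" % value)
    targets = {k: (op, v) for k, op, v in TARGET_RE.findall(m.group("targets"))}
    rules = [Rule(kind, expand_rights(rights), bind.strip(), BIND_TERM_RE.findall(bind))
             for kind, rights, bind in RULE_RE.findall(m.group("body"))]
    return Aci(m.group("name"), targets, rules)

def open_subject(rule):
    """Who a rule is open to when its only subject is anyone/all, else None."""
    if " and " in rule.bind.lower():
        return None  # also bound by ip=, dns=, timeofday= etc.: not wide open
    for keyword, op, value in rule.terms:
        if keyword == "userdn" and op == "=" and value in OPEN_SUBJECTS:
            return OPEN_SUBJECTS[value]
    return None

def audit(values):
    """(acl name, subject, rights) for each ACI leaving anyone/all mutating rights."""
    findings = []
    for aci in map(parse_aci, values):
        allowed, denied = {}, {}
        for rule in aci.rules:
            who = open_subject(rule)
            if who is None:
                if rule.kind == "allow" and "proxy" in rule.rights:
                    findings.append((aci.name, rule.bind, ["proxy"]))
                continue
            (allowed if rule.kind == "allow" else denied).setdefault(who, set()).update(rule.rights)
        for who, rights in allowed.items():
            risky = sorted((rights - denied.get(who, set())) & MUTATING)
            if risky:
                findings.append((aci.name, who, risky))
    return findings

def attr_targeted(aci, attr):
    """Does targetattr cover attr? Handles "*", "a || b" and !=; an ACI with no
    targetattr is treated as covering nothing (simplification)."""
    op, spec = aci.targets.get("targetattr", ("=", ""))
    names = {n.strip().lower() for n in spec.split("||")}
    hit = "*" in names or attr.lower() in names
    return hit if op == "=" else bool(spec) and not hit

def rights_on_attr(values, attr, subject="ldap:///anyone"):
    """Rights `subject` ends up with on attr (allows minus denies), counting only
    rules whose sole bind term is userdn=subject; target scope is not modelled."""
    allowed, denied = set(), set()
    for aci in map(parse_aci, values):
        for rule in aci.rules if attr_targeted(aci, attr) else []:
            if rule.terms == [("userdn", "=", subject)] and " and " not in rule.bind.lower():
                (allowed if rule.kind == "allow" else denied).update(rule.rights)
    return allowed - denied
```

On a real server, feed audit() the values returned by ldapsearch -b <suffix> '(aci=*)' aci. The "self password" ACI is not flagged because its bind rule combines userdn="ldap:///self" with an ip= term, while "too open" is reported with write and selfwrite still live for anonymous binds even after the deny on delete.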

Advertisement

Table of Contents
loading

This manual is also suitable for:

Directory server 6.2

Table of Contents