Creating ACIs Manually
Chapter 6, Managing Access Control (page 207)
• permission specifically outlines what rights you are either allowing or denying (for example, read or search rights).
• bind_rules specify the credentials and bind parameters that a user has to provide to be granted access. Bind rules can also specifically deny access to certain users or groups of users.
You can have multiple permission-bind rule pairs for each target. This allows you
to set multiple access controls for a given target efficiently. For example:
target(permission bind_rule)(permission bind_rule)...
If you have several ACRs in one ACI statement, the syntax is of the form:
aci: (target)(version 3.0;acl "name"; permission bind_rule; permission bind_rule; ... permission bind_rule;)
Example ACI
The following is an example of a complete LDIF ACI:
aci: (target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*)(version 3.0;acl "aci1";allow (write) userdn="ldap:///self";)
In this example, the ACI states that the user bjensen has rights to modify all attributes in her own directory entry.
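When reviewing ACIs it helps to split each one into its targets, its name and its permission-bind rule pairs. The following Python parser is an added example, not code from this guide or from Directory Server; its function names and the second sample ACI are constructed, and it assumes only the target keywords and rule form shown on this page.

```python
import re

# Grammar from the syntax above: (target)...(version 3.0;acl "name"; permission bind_rule; ...;)
# All names below are hypothetical; this is not Directory Server code.
TARGET = re.compile(r'\(\s*(target\w*)\s*(!?=)\s*("[^"]*"|[^()]*)\)')
BODY = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;(.*)\)\s*$', re.S)
RULE = re.compile(r'\s*(allow|deny)\s*\(([^)]*)\)\s*(\S.*)', re.S)

def split_pairs(text):
    """Split permission-bind rule pairs on ';' that is outside double quotes."""
    pairs, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            pairs.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if ''.join(buf).strip():
        raise ValueError("last permission-bind rule pair lacks its ';'")
    return pairs

def parse_aci(value):
    """Return the name, targets and permission-bind rule pairs of one ACI."""
    value = re.sub(r'^\s*aci:\s*', '', value).strip()
    body = BODY.search(value)
    if body is None:
        raise ValueError('no (version 3.0;acl "name"; ...) section')
    head = value[:body.start()]
    if TARGET.sub('', head).strip():
        raise ValueError("unparsable target section: " + head)
    targets = {m[1]: (m[2], m[3].strip().strip('"')) for m in TARGET.finditer(head)}
    rules = []
    for pair in split_pairs(body[2]):
        m = RULE.fullmatch(pair)
        if m is None:
            raise ValueError("bad permission-bind rule pair: " + pair)
        rights = [r.strip() for r in m[2].split(',')]
        rules.append({"type": m[1], "rights": rights, "bind_rule": m[3].strip()})
    if not rules:
        raise ValueError("ACI has no permission-bind rule pair")
    return {"name": body[1], "targets": targets, "rules": rules}

# The page's example ACI, then a constructed ACI with two permission-bind rule pairs.
PAGE_ACI = ('aci: (target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*)'
            '(version 3.0;acl "aci1";allow (write) userdn="ldap:///self";)')
TWO_PAIRS = ('(targetattr="cn")(version 3.0;acl "constructed";'
             'allow (read,search) userdn="ldap:///self";'
             'deny (write) userdn="ldap:///uid=bjensen,dc=example,dc=com";)')
```

Calling parse_aci(PAGE_ACI) yields one allow rule with the write right bound to userdn="ldap:///self"; an ACI whose last pair is missing its terminating semicolon raises ValueError.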
The following sections describe the syntax of each portion of the ACI in more
detail.
Defining Targets
The target identifies what the ACI applies to. If the target is not specified, the ACI applies to the entry containing the aci attribute and to the entries below it.
A target can be:
• A directory entry or all of the entries in a subtree, as described in “Targeting a
Directory Entry,” on page 209.
• Attributes of an entry, as described in “Targeting Attributes,” on page 211.
• A set of entries or attributes that match a specified LDAP filter, as described in
“Targeting Entries or Attributes Using LDAP Filters,” on page 212.
Red Hat Directory Server Administrator's Guide, Version 7.1, May 2005, updated February 2009