Viewing the ACIs for an Entry
Chapter 6
Managing Access Control
265
Information is not given for attributes in an entry that do not have a value; for
example, if the
userPassword
value is removed, then a future effective rights
search on the entry above would not return any effective rights for
userPassword
,
even though self-write and self-delete rights could be allowed. Likewise, if the
street
attribute were added with read, compare, and search rights, then
street:
rsc
would appear in the
attributeLevelRights
results.
Table 6-3 and Table 6-4 summarize the permissions that can be set on entries and
on attributes that are retrieved by the get effective rights operation.
Using Get Effective Rights from the Command-Line
To retrieve the effective rights with
ldapsearch
, you must pass the control
information with the
ldapsearch
utility’s
-J
option, as follows:
./ldapsearch -p
port
-h
host
-D
bindDN
-w
bindPassword
-b
user
-J
control OID
:
boolean criticality
:dn:
AuthId
Table 6-3
Permissions That Can Be Set on Entries
Permission
Description
a
Add.
d
Delete.
n
Rename the DN.
v
View the entry.
Table 6-4
Permissions That Can Be Set on Attributes
Permission
Description
r
Read.
s
Search.
w
Write (
mod-add
).
o
Obliterate (
mod-del
). Analogous to delete.
c
Compare.
W
Self-write.
O
Self-delete.
Summary of Contents for DIRECTORY SERVER 7.1
Page 1: ...Administrator s Guide Red Hat Directory Server Version7 1 May 2005 Updated February 2009 ...
Page 20: ...20 Red Hat Directory Server Administrator s Guide May 2005 Glossary 619 Index 635 ...
Page 22: ...22 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 26: ...26 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 78: ...Maintaining Referential Integrity 78 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 200: ...Assigning Class of Service 200 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 488: ...488 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 528: ...PTA Plug in Syntax Examples 528 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 572: ...572 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 612: ...Examples of LDAP URLs 612 Red Hat Directory Server Administrator s Guide May 2005 ...
Page 634: ...634 Red Hat Directory Server Administrator s Guide May 2005 ...