Chapter 6. Managing Access Control
NOTE
If a DN contains a comma, the comma must be preceded by a backslash (\) escape character.
6.4.2.1. Anonymous Access (anyone Keyword)
Granting anonymous access to the directory means that anyone can access it without providing a bind
DN or password and regardless of the circumstances of the bind. You can limit anonymous access
to specific types of access (for example, read or search access) or to specific subtrees or individual
entries within the directory.
From the Directory Server Console, you define anonymous access through the Access Control Editor. See Section 6.5, “Creating ACIs from the Console”.
6.4.2.2. General Access (all Keyword)
You can use bind rules to indicate that a permission applies to anyone who has successfully bound to
the directory; that is, all authenticated users. This allows general access while preventing anonymous
access.
From the Directory Server Console, you define general access on the Access Control Editor. For more information, see Section 6.5, “Creating ACIs from the Console”.
6.4.2.3. Self Access (self Keyword)
Specifies that users are granted or denied access to their own entries. In this case, access is granted
or denied if the bind DN matches the DN of the targeted entry.
From the Directory Server Console, you set up self access on the Access Control Editor. For more information, see Section 6.5, “Creating ACIs from the Console”.
6.4.2.4. Parent Access (parent Keyword)
Specifies that users are granted or denied access to the entry only if their bind DN is the parent of the
targeted entry.
You cannot set up parent access control using the Directory Server Console.
6.4.2.5. LDAP URLs
You can dynamically target users in ACIs using a URL with an LDAP filter:
userdn = "ldap:///suffix??scope?(filter)"
For example, all users in the accounting and engineering branches of the example.com tree would be granted or denied access to the targeted resource dynamically based on the following URL:
userdn = "ldap:///dc=example,dc=com??sub?(|(ou=engineering)(ou=accounting))"
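The following audit helper is an added example, not part of the original guide: it classifies the userdn bind rules described in this section (anyone, all, self, parent, DN, LDAP URL with filter) and flags ACIs that allow anonymous users more than read, search or compare. The ldap:///anyone-style keyword URLs, the rights names, the "||" separator and the function names are assumptions based on standard Directory Server ACI syntax; the sample ACIs are constructed.

```python
import re

# userdn bind rules and the allow/deny clause of an ACI value
USERDN_RE = re.compile(r'\buserdn\s*(!?=)\s*"([^"]*)"', re.IGNORECASE)
PERMS_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)', re.IGNORECASE)
KEYWORDS = ("anyone", "all", "self", "parent")
READ_ONLY = {"read", "search", "compare"}

def classify_subject(url):
    """Name the kind of subject one ldap:/// URL in a userdn rule selects."""
    url = url.strip()
    if not url.lower().startswith("ldap:///"):
        return "invalid"
    body = url[len("ldap:///"):]
    if body.lower() in KEYWORDS:
        return body.lower()
    # suffix??scope?(filter) targets users dynamically; anything else is a DN
    return "filter" if "?" in body else "dn"

def audit_aci(aci):
    """Summarise who an ACI applies to and flag anonymous non-read access."""
    perm = PERMS_RE.search(aci)
    if perm is None:
        raise ValueError("no allow/deny clause found")
    action = perm.group(1).lower()
    rights = {r.strip().lower() for r in perm.group(2).split(",") if r.strip()}
    subjects = []
    for op, value in USERDN_RE.findall(aci):
        # Assumption: several URLs in one rule are separated by "||"
        for url in re.split(r"\s*\|\|\s*", value):
            kind = classify_subject(url)
            subjects.append("not " + kind if op == "!=" else kind)
    risky = action == "allow" and "anyone" in subjects and not rights <= READ_ONLY
    return {"action": action, "rights": sorted(rights),
            "subjects": subjects, "anonymous_non_read": risky}

# Constructed sample ACI values (not taken from any real directory)
SAMPLE_ACIS = [
    r'(targetattr != "userPassword")(version 3.0; acl "Anon read"; allow (read, search, compare) userdn = "ldap:///anyone";)',
    r'(targetattr = "*")(version 3.0; acl "Open write"; allow (write) userdn = "ldap:///anyone";)',
    r'(targetattr = "telephoneNumber")(version 3.0; acl "Self write"; allow (write) userdn = "ldap:///self";)',
    r'(targetattr = "*")(version 3.0; acl "Dept read"; allow (read) userdn = "ldap:///dc=example,dc=com??sub?(|(ou=engineering)(ou=accounting))";)',
    r'(targetattr = "*")(version 3.0; acl "Admin read"; allow (read, search) userdn = "ldap:///uid=admin,o=Example\, Inc.";)',
]

if __name__ == "__main__":
    for aci in SAMPLE_ACIS:
        print(audit_aci(aci))
```

Feed it the aci attribute values exported from the directory; any result with anonymous_non_read set to True deserves review.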