Deleting an ACI
179
3. Make the edits to the ACI in the
Access Control Editor
; the different screens are described more
in
Section 6.5.2, “Creating a New ACI”
and in the online help.
4. When you have finished editing the ACI, click
OK
.
The
Access Control Editor
windows closes, and the modified ACI is listed in the
Access Control
Manager
.
6.5.4. Deleting an ACI
To delete an ACI, do the following:
1. In the
Directory
tab, right-click the top entry in the subtree, and choose
Set Access Permissions
from the pop-up menu.
The
Access Control Manager
window opens with a list of ACIs belonging to the entry.
2. In the
Access Control Manager
window, select the ACI to delete.
3. Click
Remove
.
The ACI is no longer listed in the
Access Control Manager
window.
6.6. Viewing ACIs
All the ACIs under a single suffix in the directory can be viewed from the command line by using the
following
ldapsearch
command:
1
ldapsearch -h
host
-p
port
-b
baseDN
-D
rootDN
-w
rootPassword
(aci=*) aci
See the
Directory Server Configuration, Command, and File Reference
for information on using the
ldapsearch
utility.
From the Directory Server Console, all of the ACIs that apply to a particular entry can be viewed
through the
Access Control Manager
.
1. Start the Directory Server Console. See
Section 1.4, “Starting the Directory Server Console”
.
2. In the
Directory
tab, right-click the entry in the navigation tree, and select
Set Access
Permissions
.
The
Access Control Manager
opens with a list of the ACIs belonging to the selected entry.
3. Check the
Show Inherited ACIs
checkbox to display all ACIs created on entries above the
selected entry that also apply.
6.7. Get Effective Rights Control
Finding the rights on existing attributes within a specific entry offers a convenient way for
administrators to find and control the access rights.
The LDAP tools referenced in this guide are Mozilla LDAP, installed with Directory Server in the
/usr/lib/mozldap
directory
on Red Hat Enterprise Linux 5 (32-bit); directories for other platforms are listed in
Section 1.2, “LDAP Tool Locations”
. However,
Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP. It is possible to use the OpenLDAP commands as
shown in the examples, but you must use the
-x
argument to disable SASL and allow simple authentication.
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...