2. Click New to display the Access Control Editor.
3. In the Users/Groups tab, in the ACI name field, type Write Subscribers. In the list of users granted access permission, do the following:
   a. Select and remove All Users, then click Add.
      The Add Users and Groups dialog box opens.
   b. Set the Search area to Special Rights, and select Self from the search results list.
   c. Click the Add button to list Self in the list of users who are granted access permission.
   d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, select the checkbox for write. Make sure the other checkboxes are clear.
5. In the Targets tab, click This Entry to display the ou=subscribers, dc=example,dc=com suffix in the Target directory entry field.
   a. In the Filter for subentries field, type the following filter:
      (!(unlistedSubscriber=yes))
   b. In the attribute table, select the checkboxes for the homePhone, homePostalAddress, and mail attributes.
      All other checkboxes should be clear; if necessary, click the Check None button to clear the checkboxes for all attributes in the table, then click the Name header to organize them alphabetically, and select the appropriate ones.
   c. Optionally, to require users to authenticate using SSL, switch to manual editing by clicking the Edit Manually button, and add authmethod=ssl to the LDIF statement so that it reads as follows:
      (targetattr="homePostalAddress || homePhone || mail")
      (version 3.0; acl "Write Subscribers"; allow (write)
      (userdn= "ldap:///self") and authmethod="ssl";)
6. Click OK.
   The new ACI is added to the ones listed in the Access Control Manager window.
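Because step 5c switches to manual editing, it is worth checking that the saved ACI still grants only what the procedure intends. The following is an added example, not part of the Directory Server documentation: it parses a single-permission ACI with regular expressions and reports where it is broader than the rule built above. The function names and the ALLOWED_ATTRS set are assumptions of the example, and it checks only the rights, target attributes, bind subject and authmethod.

```python
import re

# The ACI from step 5c, joined onto one line (sample input for this example).
ACI = ('(targetattr="homePostalAddress || homePhone || mail")'
       '(version 3.0; acl "Write Subscribers"; allow (write) '
       '(userdn= "ldap:///self") and authmethod="ssl";)')
# Attributes the procedure lets subscribers edit, lowercased for comparison.
ALLOWED_ATTRS = {"homephone", "homepostaladdress", "mail"}

def parse_aci(aci):
    """Split a single-permission ACI into target attrs, rights and bind rule."""
    m = re.search(r'\(\s*version 3\.0;\s*acl\s+"([^"]*)";\s*(allow|deny)\s*'
                  r'\(([^)]*)\)\s*(.*?);\s*\)\s*$', aci, re.S)
    t = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', aci)
    if not m or not t:
        raise ValueError("expected targetattr plus one version 3.0 permission")
    attrs = {a.strip().lower() for a in t.group(2).split("||")}
    if t.group(1) == "!=":
        attrs = {"*"}  # an exclusion list is open-ended, so treat it as "all"
    return {"name": m.group(1), "kind": m.group(2), "attrs": attrs,
            "rights": {r.strip().lower() for r in m.group(3).split(",")},
            "bind": m.group(4)}

def audit_self_write(aci):
    """List the ways an ACI is broader than the self-write rule built above."""
    p = parse_aci(aci)
    findings = []
    if p["kind"] != "allow" or p["rights"] != {"write"}:
        findings.append("rights are not exactly allow (write)")
    extra = p["attrs"] - ALLOWED_ATTRS
    if extra:
        findings.append("extra target attributes: " + ", ".join(sorted(extra)))
    subjects = re.findall(r'(userdn|groupdn|roledn)\s*(!?=)\s*"([^"]*)"', p["bind"])
    if subjects != [("userdn", "=", "ldap:///self")]:
        findings.append("bind rule is not limited to ldap:///self")
    keywords = re.sub(r'"[^"]*"', '""', p["bind"])  # drop quoted values
    if (not re.search(r'\band\s+authmethod\s*=\s*"ssl"', p["bind"], re.I)
            or re.search(r'\bor\b', keywords, re.I)):
        findings.append('authmethod="ssl" is not a mandatory condition')
    return findings

if __name__ == "__main__":
    print(audit_self_write(ACI) or "ACI matches the procedure")
```

An empty list means the ACI matches the procedure; each string in a non-empty list names one way it has been widened.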
6.9.3. Restricting Access to Key Roles
You can use role definitions in the directory to identify functions that are critical to your business, the administration of your network and directory, or another purpose.
For example, you might create a superAdmin role by identifying a subset of your system administrators that are available at a particular time of day and day of the week at corporate sites worldwide, or you might want to create a First Aid role that includes all members of staff on a particular site that have done first aid training. For information on creating role definitions, see Section 5.1, “Using Roles”.