ADD, VIEW and DELETE ACIs in ODSEE

This post explains the steps to add, view and delete ACIs in ODSEE. The directory server access control (ACI) overview is explained here.

To Add an ACI

Create an LDIF file, add_aci.ldif, with the details of the ACI to be created.

The following adds an ACI that grants the user cn=adminuser,ou=Admin Users,o=test the rights to add, read, write, compare and search in the directory subtree o=users,o=test:

dn: o=test
changetype: modify
add: aci
ACI: (target = ldap:///o=users,o=test) (targetscope = subtree) (targetattr="*")
 (version 3.0; acl "ACL for admin user"; allow (add, read, write, compare, search) (
 userdn = "ldap:///cn=adminuser,ou=Admin Users,o=test") ; )

To View an ACI

The following command lists all the ACIs under o=test and writes them to the file "test" (on Unix):

ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w welcome1 -b o=test -s sub "(objectclass=*)" aci > test

Open the test file.

Search for adminuser in the test file.

The ACI details will be listed as shown below:

ACI: (target = ldap:///o=users,o=test) (targetscope = subtree) (targetattr="*")
 (version 3.0; acl "ACL for admin user"; allow (add, read, write, compare, search) (
 userdn = "ldap:///cn=adminuser,ou=Admin Users,o=test") ; )

To Delete an ACI

Create an LDIF file, del_aci.ldif, with the details of the ACI to be deleted.

dn: o=test
changetype: modify
delete: aci
ACI: (target = ldap:///o=users,o=test) (targetscope = subtree) (targetattr="*")
 (version 3.0; acl "ACL for admin user"; allow (add, read, write, compare, search) (
 userdn = "ldap:///cn=adminuser,ou=Admin Users,o=test") ; )

# ldapmodify -h localhost -p 389 -D "cn=Directory Manager" -w welcome1 -f del_aci.ldif

This command deletes the above ACI.
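
The view and delete steps above can also be scripted. The Python below is an added example, not part of the original post: it reads the "test" file written by the ldapsearch command, unfolds the multi-line ACI values, lists the ACIs whose bind rule names a given DN, and builds the del_aci.ldif body from the stored value. The function names, the second sample entry and the helpdesk user are assumptions made for illustration.

```python
import base64
import re

# Constructed sample of the "test" file from the ldapsearch step. The first ACI is the
# post's own; the second entry and its helpdesk ACI are made up for illustration.
SAMPLE = '''dn: o=test
aci: (target = ldap:///o=users,o=test) (targetscope = subtree) (targetattr="*")
 (version 3.0; acl "ACL for admin user"; allow (add, read, write, compare, search) (
 userdn = "ldap:///cn=adminuser,ou=Admin Users,o=test") ; )

dn: o=users,o=test
aci: (targetattr="cn || mail")(version 3.0; acl "Helpdesk read"; allow (read, search)
 (userdn = "ldap:///cn=helpdesk,ou=Admin Users,o=test");)
'''

def read_acis(ldif_text):
    """Return (entry_dn, aci_value) pairs from ldapsearch LDIF output."""
    # LDIF folds long values: a line starting with one space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    pairs, dn = [], None
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or name not in ("dn", "aci"):
            continue  # blank lines, comments, other attributes
        if value.startswith(":"):  # "aci:: ..." is a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if name == "dn":
            dn = value.strip()
        else:
            pairs.append((dn, value.strip()))
    return pairs

def acis_for(ldif_text, subject_dn):
    """List ACIs whose bind rule names subject_dn, with ACL name and rights."""
    wanted = "ldap:///" + subject_dn.lower()
    found = []
    for dn, aci in read_acis(ldif_text):
        rules = re.findall(r'(?:userdn|groupdn|roledn)\s*!?=\s*"([^"]*)"', aci, re.I)
        if any(wanted == u.strip().lower() for r in rules for u in r.split("||")):
            acl = re.search(r'acl\s+"([^"]*)"', aci)
            rights = re.search(r"\b(?:allow|deny)\s*\(([^)]*)\)", aci)
            found.append({"entry": dn, "aci": aci, "acl": acl and acl.group(1),
                          "rights": rights and [p.strip() for p in rights.group(1).split(",")]})
    return found

def delete_ldif(match):
    """Build the del_aci.ldif body from the stored value, so it is copied, not retyped."""
    return "dn: {entry}\nchangetype: modify\ndelete: aci\naci: {aci}\n".format(**match)
```

Reviewing the output of acis_for for each administrative DN shows which entry holds each grant and which rights it carries before anything is deleted.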
