Directory Server Access Control

Directory Server access control instructions (ACIs) define the permissions granted to users on the directory. By defining ACIs you allow or deny users the right to perform specific operations on specific entries; an operation that no ACI explicitly allows is denied.

For the full ACI syntax, read the Oracle Directory Server documentation.

To list the existing ACIs, run the following command against the directory server (the ACI is stored as the operational attribute "aci" on each entry, so it must be requested explicitly):

ldapsearch -x -h localhost -p 389 -D "cn=Directory Manager" -w welcome1 -b o=test -s sub "(objectclass=*)" aci

Syntax of the LDIF used to add an ACI:

dn: o=test
changetype: modify
add: aci
aci: (target)(version 3.0; acl "name"; permission bindrules;)

Example (continuation lines of the aci value begin with a single space, as LDIF folding requires):

dn: o=test
changetype: modify
add: aci
aci: (target="ldap:///o=portal,o=test")(targetscope="subtree")(targetattr="*")
 (version 3.0; acl "ACL for test1 user"; allow (read, compare, search)
 (userdn = "ldap:///cn=test1,ou=Admin Users,o=test");)

Apply the LDIF with ldapmodify, binding as the Directory Manager (replace host, port and ldif-file with your own values):

$ ldapmodify -h host -p port -D "cn=Directory Manager" -w welcome1 -f ldif-file

This grants the read, compare and search operations on every attribute of "o=portal,o=test" and the entries beneath it to the user "cn=test1,ou=Admin Users,o=test". Any other user, including anonymous binds, gets nothing from this ACI, and test1 still cannot write, add or delete there because those rights are not listed.
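To make the evaluation rules concrete, here is an added Python example that is not part of the original post and not Oracle Directory Server code. It parses an ACI of the shape shown above into its target, scope, attributes, rights and userdn bind rule, and then evaluates requests against a list of ACIs the way the server does at a high level: a request is denied unless some matching ACI allows the operation, and an explicit deny always wins. It only understands the subset of the syntax used on this page (target, targetscope, targetattr with "=", and a single userdn bind rule with a DN, "anyone" or "all"); everything else, including the sample DNs, is constructed for the example.

```python
"""Minimal parser and evaluator for Directory Server ACI strings (illustrative only)."""
import re
from dataclasses import dataclass

# Constructed sample: the page's ACI, on one line with straight quotes.
SAMPLE_ACI = (
    '(target = ldap:///o=portal,o=test) (targetscope = subtree) (targetattr="*")'
    '(version 3.0; acl "ACL for test1 user"; allow (read, compare, search) '
    '(userdn = "ldap:///cn=test1,ou=Admin Users,o=test") ; )'
)

# Constructed sample: a second ACI that takes the search right away from test1 again.
DENY_ACI = (
    '(target="ldap:///o=portal,o=test")(version 3.0; acl "deny test1 search"; '
    'deny (search) (userdn = "ldap:///cn=test1,ou=Admin Users,o=test");)'
)

_RULE = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*'
    r'\(([^)]*)\)\s*\(\s*userdn\s*=\s*"ldap:///([^"]*)"\s*\)\s*;\s*\)',
    re.I | re.S,
)


@dataclass
class Aci:
    name: str
    target: str   # normalized DN the ACI applies to
    scope: str    # base | onelevel | subtree
    attrs: str    # targetattr value; "*" means every attribute
    effect: str   # allow | deny
    rights: set
    userdn: str   # normalized bind DN, or the keyword anyone / all


def norm_dn(dn):
    """Lower-case a DN and strip spaces around commas so comparisons are stable."""
    return ",".join(part.strip() for part in dn.strip().lower().split(","))


def _kw(text, key, default=None):
    """Pull the value out of a (key = "value") or (key = value) clause."""
    m = re.search(r'\(\s*' + key + r'\s*=\s*"?([^")]*)"?\s*\)', text, re.I)
    return m.group(1).strip() if m else default


def parse_aci(text):
    m = _RULE.search(text)
    if not m:
        raise ValueError("unsupported or malformed ACI")
    name, effect, rights, userdn = m.groups()
    target = _kw(text, "target")
    if target is None:
        raise ValueError("ACI has no target")
    userdn = userdn.strip()
    return Aci(
        name=name,
        target=norm_dn(re.sub(r"^ldap:///", "", target, flags=re.I)),
        scope=(_kw(text, "targetscope") or "subtree").lower(),  # server default is subtree
        attrs=_kw(text, "targetattr") or "*",
        effect=effect.lower(),
        rights={r.strip().lower() for r in rights.split(",")},
        userdn=userdn.lower() if userdn.lower() in ("anyone", "all") else norm_dn(userdn),
    )


def in_scope(aci, entry_dn):
    entry = norm_dn(entry_dn)
    if aci.scope == "base":
        return entry == aci.target
    if entry == aci.target:
        return True
    if not entry.endswith("," + aci.target):
        return False
    if aci.scope == "onelevel":  # exactly one RDN below the target
        return "," not in entry[: -len(aci.target) - 1]
    return True


def bind_matches(aci, bind_dn):
    if aci.userdn == "anyone":           # includes anonymous binds
        return True
    if aci.userdn == "all":              # any authenticated user
        return bind_dn is not None
    return bind_dn is not None and norm_dn(bind_dn) == aci.userdn


def attr_matches(aci, attr):
    if aci.attrs == "*":
        return True
    return attr.lower() in {a.strip().lower() for a in aci.attrs.split("||")}


def is_allowed(acis, bind_dn, entry_dn, op, attr="*"):
    """Default deny: only a matching allow grants access, and any matching deny wins."""
    op = op.lower()
    allowed = False
    for aci in acis:
        if not (in_scope(aci, entry_dn) and bind_matches(aci, bind_dn) and attr_matches(aci, attr)):
            continue
        if op not in aci.rights and "all" not in aci.rights:
            continue
        if aci.effect == "deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    rules = [parse_aci(SAMPLE_ACI)]
    user, entry = "cn=test1,ou=Admin Users,o=test", "uid=bob,o=portal,o=test"
    for op in ("read", "search", "write"):
        print(op, is_allowed(rules, user, entry, op))
```

Running the block prints that test1 may read and search under o=portal,o=test but not write, exactly what the ACI lists; adding DENY_ACI to the list removes search again while leaving read intact, which is why a deny ACI placed anywhere in the tree is worth looking for when a user unexpectedly loses access.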

The steps to add, view and delete an ACI are explained in the Oracle Directory Server documentation.
