Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

Procedure: To Create, Modify, and Delete ACIs

To create ACIs by using the command line, you first create the ACIs in a file using LDIF statements. Then you add the ACIs to your directory tree by using the ldapmodify command.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Create the ACI in an LDIF file.

    dn: dc=example,dc=com
    changetype: modify
    add: aci
    aci: (target)(version 3.0; acl "name";permission bindrules;)

    This example shows how to add an ACI. To modify or delete the ACI, replace the add keyword in the add: aci line with replace or delete.

    For more examples of ACIs that are commonly used, see Access Control Usage Examples.

  2. Make the change using the LDIF file.

    $ ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w - -f ldif-file
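
The following script is an added example, not part of the original guide: it writes a concrete ACI change in the form shown in step 1 and checks the file's shape before it is passed to ldapmodify in step 2. The function names and the sample ACI (self-service password change) are constructed for illustration, and the check assumes each aci value is on a single unfolded LDIF line.

```shell
#!/bin/sh
# Added example, not from the guide. Assumes each aci value sits on one
# unfolded LDIF line. The ACI below is a constructed sample.

# write_aci_ldif FILE OP -- OP is the step 1 keyword: add, replace or delete.
# Note: "replace" swaps every aci value on the entry for the ones listed.
write_aci_ldif() {
  cat > "$1" <<EOF
dn: dc=example,dc=com
changetype: modify
$2: aci
aci: (targetattr="userPassword")(version 3.0; acl "Self password change"; allow (write) userdn="ldap:///self";)
EOF
}

# check_aci_ldif FILE -- returns 0 when FILE has the shape shown in step 1.
check_aci_ldif() {
  f=$1
  # Zero or more (target) groups, then (version 3.0; acl "name"; ... ;)
  re='^(\(.*\))*\(version 3\.0; *acl "[^"]+"; *.+;\)$'
  grep -q '^dn: ' "$f" || { echo "$f: no dn line" >&2; return 1; }
  grep -q '^changetype: modify$' "$f" ||
    { echo "$f: changetype must be modify" >&2; return 1; }
  grep -Eq '^(add|replace|delete): aci$' "$f" ||
    { echo "$f: expected add, replace or delete on aci" >&2; return 1; }
  aci=$(sed -n 's/^aci: //p' "$f")
  [ -n "$aci" ] || { echo "$f: no aci value" >&2; return 1; }
  if printf '%s\n' "$aci" | grep -Evq "$re"; then
    echo "$f: aci does not match (target)(version 3.0; acl \"name\"; ...;)" >&2
    return 1
  fi
  # Catch a dropped parenthesis by comparing the counts.
  open=$(printf '%s' "$aci" | tr -cd '(')
  close=$(printf '%s' "$aci" | tr -cd ')')
  [ "${#open}" -eq "${#close}" ] ||
    { echo "$f: unbalanced parentheses in aci" >&2; return 1; }
}

# Demo: build the file and check it before running the step 2 command.
ldif=$(mktemp)
write_aci_ldif "$ldif" add
if check_aci_ldif "$ldif"; then
  echo "ok: LDIF is well-formed; apply it with the ldapmodify command from step 2"
fi
rm -f "$ldif"
```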