Configuring the Directory Server
Configuring Security in the Directory Server
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
When you install the directory server, eight default global ACIs are defined. The effect of all the default global ACIs is to allow the following:
Anyone has read access to certain controls and extended operations.
Anyone has access to the directory for search, compare, and read operations on user attributes (except for the userpassword and authPassword attributes.)
Authenticated users can modify their own entry in the directory, but not delete it.
Anyone has access to key operational attributes including many in the root DSE and cn=schema, as well as other attributes that show up in entries throughout the server.