Managing Global ACIs With dsconfig
The global ACIs are all values of the global-aci property of the access control handler. You can use dsconfig to display the global ACIs currently configured on the server by viewing the global-aci property.
$ dsconfig -D cn="Directory Manager" -w password -n get-access-control-handler-prop \
  --property global-aci
Property   : Value(s)
-----------:-------------------------------------------------------------------
global-aci : (extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.26027.1.6.3 ||
           : 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 ||
           : 1.3.6.1.4.1.4203.1.11.3") (version 3.0; acl "Anonymous extended
           : operation access"; allow(read) userdn="ldap:///anyone";),
           : "(target="ldap:///")(targetscope="base")(targetattr="objectClass||
           : namingContexts||supportedAuthPasswordSchemes||supportedControl||su
           : pportedExtension||supportedFeatures||supportedLDAPVersion||support
           : edSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl
           : "User-Visible Root DSE Operational Attributes"; allow
           : (read,search,compare) userdn="ldap:///anyone";)",
           : "(target="ldap:///cn=schema")(targetscope="base")(targetattr="obje
           : ctClass||attributeTypes||dITContentRules||dITStructureRules||ldapS
           : yntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses"
           : )(version 3.0; acl "User-Visible Schema Operational Attributes";
           : allow (read,search,compare) userdn="ldap:///anyone";)",
           : (target="ldap:///dc=replicationchanges")(targetattr="*")(version
           : 3.0; acl "Replication backend access"; deny (all)
           : userdn="ldap:///anyone";),
           : "(targetattr!="userPassword||authPassword")(version 3.0; acl
           : "Anonymous read access"; allow (read,search,compare)
           : userdn="ldap:///anyone";)", (targetattr="*")(version 3.0; acl
           : "Self entry modification"; allow (write) userdn="ldap:///self";),
           : "(targetattr="createTimestamp||creatorsName||modifiersName||modify
           : Timestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0;
           : acl "User-Visible Operational Attributes"; allow
           : (read,search,compare) userdn="ldap:///anyone";)",
           : (targetcontrol="2.16.840.1.113730.3.4.2 ||
           : 2.16.840.1.113730.3.4.17 || 2.16.840.1.113730.3.4.19 ||
           : 1.3.6.1.4.1.4203.1.10.2 || 1.3.6.1.4.1.42.2.27.8.5.1 ||
           : 2.16.840.1.113730.3.4.16") (version 3.0; acl "Anonymous control
           : access"; allow(read) userdn="ldap:///anyone";)
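The wrapped table above is hard to review by eye, so the following added example (not part of the original documentation) rejoins the Value(s) column and lists which global ACIs allow rights to ldap:///anyone. The function names, the constructed sample and the rule for rejoining rows cut mid-word (as in the row ending in "su" above) are assumptions of this example, not dsconfig behavior documented on this page.

```python
import re

# Constructed sample in the table layout shown above, narrowed to a
# 40-character value column. The fourth value row is broken mid-word.
SAMPLE = """\
Property   : Value(s)
-----------:-----------------------------------------
global-aci : (targetattr="*")(version 3.0; acl "Self
           : entry modification"; allow (write)
           : userdn="ldap:///self";),
           : "(targetattr!="userPassword||authPasswor
           : d")(version 3.0; acl "Anonymous read
           : access"; allow (read,search,compare)
           : userdn="ldap:///anyone";)"
"""

# Simplification: captures only the first bind rule keyword of each ACI.
ACI_RE = re.compile(
    r'acl\s+"(?P<name>[^"]+)"\s*;\s*(?P<type>allow|deny)\s*'
    r'\((?P<rights>[^)]*)\)\s*(?P<subject>\w+\s*=\s*"[^"]*")')

def unwrap_value(table_text, prop="global-aci"):
    """Rejoin the wrapped Value(s) column of one property."""
    frags, active = [], False
    for line in table_text.splitlines():
        label, _, value = line.partition(":")
        if label.strip():                  # header, separator or a property row
            active = label.strip() == prop
        if active and value.strip():
            frags.append(value.strip())
    # Assumption: a row that fills the column was cut mid-token, so it is
    # joined without a space; shorter rows were wrapped at a space.
    width = max(map(len, frags), default=0)
    return "".join(f + ("" if len(f) == width else " ") for f in frags).strip()

def parse_acis(value):
    """Return name, type, rights and subject for every ACI in the value."""
    return [m.groupdict() for m in ACI_RE.finditer(value)]

def anonymous_grants(acis):
    """Names and rights of ACIs that allow access to ldap:///anyone."""
    return [(a["name"], a["rights"].replace(" ", "")) for a in acis
            if a["type"] == "allow" and "ldap:///anyone" in a["subject"]]

if __name__ == "__main__":
    for name, rights in anonymous_grants(parse_acis(unwrap_value(SAMPLE))):
        print(f"anonymous: {name!r} allows {rights}")
```

If no row in the captured output fills the column, the longest row is still treated as cut mid-token, so check the rejoined ACI names against the table before relying on the result.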