Configuring the Directory Server
Configuring Security in the Directory Server
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
You can remove an ACI by specifying its value in an LDIF file, and then removing the value with the ldapmodify command.
The following sample LDIF file (remove-aci.ldif) removes the ACI that was added in the previous procedure:
dn: ou=people,dc=example,dc=com changetype: modify delete: aci aci: (targetattr="*")(version 3.0; acl "give csmith full rights"; allow(all) userdn = "ldap:///uid=csmith,ou=People,dc=example,dc=com";)
The following command applies the changes contained in the remove-aci.ldif file to the directory:
$ ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password \ --filename remove-aci.ldif Processing MODIFY request for ou=people,dc=example,dc=com MODIFY operation successful for DN ou=people,dc=example,dc=com