You can set bind rules that state that a client must bind to the directory using a specific authentication method. The following authentication methods are available:
none: Authentication is not required. This is the default. It represents anonymous access.
simple: The client must provide a user name and password to bind to the directory.
ssl: The client must bind to the directory over a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection.
In the case of SSL, the connection is established to the LDAPS second port. In the case of TLS, the connection is established through a Start TLS operation. In both cases, a certificate must be provided. For information on setting up SSL, see Using SASL Authentication in Sun OpenDS Standard Edition 2.0 Administration Guide.
sasl sasl_mechanism: The client must bind to the directory using a Simple Authentication and Security Layer (SASL) mechanism, such as DIGEST-MD5 or GSSAPI.
The LDIF syntax for setting a bind rule based on an authentication method is as follows:
authmethod = "authentication_method"
where authentication_method is none, simple, ssl, or sasl sasl_mechanism.
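
The syntax above in use, as an added example that is not part of the original documentation: a self-service password rule with no authmethod condition, shown beside two versions that grant the same right only for the ssl method or for a SASL DIGEST-MD5 bind. The suffix dc=example,dc=com, the ACI names and the choice of userPassword as target are assumptions, and combining authmethod with a userdn rule through "and" is standard ACI bind-rule syntax that this section does not itself show.

```ldif
# Constructed example: the suffix, ACI names and target attribute are assumptions.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
# Before (weak, left commented out): no authmethod condition, so the rule
# matches however the user bound, including a simple bind.
# aci: (targetattr="userPassword")(version 3.0; acl "Self write, any method"; allow (write) userdn="ldap:///self";)
# After: the same permission, granted only when the client bound with the ssl method ...
aci: (targetattr="userPassword")(version 3.0; acl "Self write over ssl"; allow (write) userdn="ldap:///self" and authmethod="ssl";)
# ... or with a SASL bind using the DIGEST-MD5 mechanism.
aci: (targetattr="userPassword")(version 3.0; acl "Self write over DIGEST-MD5"; allow (write) userdn="ldap:///self" and authmethod="sasl DIGEST-MD5";)
```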