Starting and Stopping Your Server Instance
Configuring the Server Instance
Configuring the Proxy Components
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
Restricting Access to the Get Effective Rights Control
When you install Sun OpenDS Standard Edition, eight default global ACIs are defined. The effect of all the default global ACIs is to allow the following:
Anyone has read access to certain controls and extended operations.
Anyone has access to search, compare, and read user attributes (except for the userpassword and authPassword attributes.)
Authenticated users can modify a subset of the attributes in their own entries in the directory. Users are unable to delete their own entries.
Anyone has access to key operational attributes including many in the root DSE and cn=schema, as well as other attributes that show up in entries throughout the server.
The proxy does not evaluate global ACIs. The proxy forwards LDAP requests to the remote LDAP server, and the remote LDAP server evaluates the ACIs.