Sun Java Communications Suite 5 Schema Reference

iplanet-am-role-aci-list

Origin

Access Manager

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-role

Definition

The set of ACIs associated with this role. The format is a DN:ACI pair, where the DN of the entry is specified with its ACI. When a role is deleted, this attribute allows the ACIs associated with the role to be located and cleaned up properly.

Example

For native mode (with domain nodes on the organization tree):

iplanet-am-role-aci-list: o=sesta.com,
   o=basedn:aci: 
   (target="ldap:///o=sesta.com,o=basedn")
   (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)
   (nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))
   (targetattr != "nsroledn")
   (version 3.0; acl "Organization Admin access allow";
    allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)

For compatibility mode (with domain nodes on a DC Tree):

iplanet-am-role-aci-list: dc=sesta,dc=com:aci: 
   (target="ldap:///dc=sesta,dc=com")
   (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)
   (nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))
   (targetattr != "nsroledn")
   (version 3.0; acl "Organization Admin access allow"; 
    allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)
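
The DN:ACI pair format above can be parsed to plan the ACI cleanup for a role that is being deleted. The following is an added example, not part of the original reference or of Access Manager. It assumes the pair is split at the first literal ":aci:" as in the examples above; the function names and the simplified DN normalisation are hypothetical.

```python
import re

# Constructed sample: the native-mode example value above, display wrapping kept.
SAMPLE = '''o=sesta.com,
   o=basedn:aci:
   (target="ldap:///o=sesta.com,o=basedn")
   (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)
   (nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))
   (targetattr != "nsroledn")
   (version 3.0; acl "Organization Admin access allow";
    allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)'''

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, no spaces at commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_role_aci(value):
    """Split one iplanet-am-role-aci-list value into entry DN and ACI fields."""
    flat = " ".join(value.split())                 # undo line wrapping
    # Assumption: the pair separator is the first literal ":aci:".
    dn, sep, aci = flat.partition(":aci:")
    if not sep or not dn.strip() or not aci.strip():
        raise ValueError("not a DN:ACI pair")
    def grab(pattern):
        m = re.search(pattern, aci)
        return m.group(1) if m else None
    perm = re.search(r'\b(allow|deny)\s*\(([^)]*)\)', aci)
    return {
        "entry_dn": norm_dn(dn),                   # entry that carries the ACI
        "aci": aci.strip(),
        "target": grab(r'\(\s*target\s*=\s*"([^"]*)"'),
        "acl_name": grab(r'\bacl\s+"([^"]*)"'),
        "effect": perm.group(1) if perm else None,
        "rights": [r.strip() for r in perm.group(2).split(",")] if perm else [],
        "roledn": grab(r'\broledn\s*=\s*"ldap:///([^"]*)"'),
    }

def cleanup_plan(role_dn, values):
    """Group a role's ACIs by the entry that holds them; set aside mismatches."""
    plan, suspect = {}, []
    for value in values:
        p = parse_role_aci(value)
        if p["roledn"] is None or norm_dn(p["roledn"]) != norm_dn(role_dn):
            suspect.append(p)       # bind rule does not name this role: review
        else:
            plan.setdefault(p["entry_dn"], []).append(p["aci"])
    return plan, suspect
```

The ACI text returned here is whitespace-normalised, so it is suitable for review and for locating the entry, not for byte-exact comparison against the stored aci value.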

OID

2.16.840.1.113730.3.1.1082