For native mode (with domain nodes on the organization tree):
iplanet-am-role-aci-list: o=sesta.com,o=basedn:aci:
(target="ldap:///o=sesta.com,o=basedn")
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)
(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))
(targetattr != "nsroledn")
(version 3.0; acl "Organization Admin access allow";
allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)
For compatibility mode (with domain nodes on a DC Tree):
iplanet-am-role-aci-list: dc=sesta,dc=com:aci:
(target="ldap:///dc=sesta,dc=com")
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)
(nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))
(targetattr != "nsroledn")
(version 3.0; acl "Organization Admin access allow";
allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)
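
An added example, not part of the original documentation: a small Python check that a role ACI value keeps the restrictions both listings share (target equal to the DN prefix, nsroledn excluded from targetattr, a negated targetfilter on nsroledn, roledn under the same prefix). The function names and the `<dn>:aci:<aci>` splitting are assumptions read off the listings above.

```python
import re

# Constructed input: the native-mode value shown above, joined onto one line.
NATIVE = (
    'o=sesta.com,o=basedn:aci:'
    '(target="ldap:///o=sesta.com,o=basedn")'
    '(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)'
    '(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))'
    '(targetattr != "nsroledn")'
    '(version 3.0; acl "Organization Admin access allow"; '
    'allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)'
)

def split_groups(aci):
    """Return the text inside each top-level (...) group of an ACI."""
    groups, depth, start = [], 0, 0
    for i, ch in enumerate(aci):
        if ch == "(":
            depth += 1
            if depth == 1:
                start = i + 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                groups.append(aci[start:i])
    if depth != 0:
        raise ValueError("unbalanced parentheses in ACI")
    return groups

def audit(value):
    """Hypothetical linter: list deviations from the pattern in the listings."""
    base, sep, aci = value.partition(":aci:")
    if not sep:
        return ["value is not in '<dn>:aci:<aci>' form"]
    base = base.strip().lower()
    parts = {re.match(r"\s*(\w*)", g).group(1).lower(): g for g in split_groups(aci)}
    target = re.search(r'"ldap:///(.*)"', parts.get("target", ""))
    role = re.search(r'roledn\s*=\s*"ldap:///(.*?)"', parts.get("version", ""), re.I)
    tf = parts.get("targetfilter", "").lower()
    checks = [
        (target and target.group(1).lower() == base, "target does not match the DN prefix"),
        (re.match(r'targetattr\s*!=\s*".*\bnsroledn\b', parts.get("targetattr", ""), re.I),
         "nsroledn is not excluded from targetattr"),
        (re.match(r"targetfilter\s*=\s*\(!", tf) and "nsroledn=" in tf,
         "targetfilter does not exclude role holders"),
        (role and role.group(1).lower().endswith("," + base), "roledn is outside the DN prefix"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`audit(NATIVE)` returns an empty list; a value that mixes a DC-tree prefix with organization-tree DNs inside the ACI is reported on both the target and the roledn checks.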