Access Control Information (ACI) (Sun Java System Calendar Server 6.3 WCAP Developer's Guide)

Sun Java System Calendar Server 6.3 WCAP Developer's Guide

Access Control Information (ACI)

The Calendar Server configuration program adds new ACI's. If you are upgrading from an earlier version of Java Enterprise System, you must rerun the configuration program to have the new ACI's added. Or you can use the Directory Server ldapmodify command to add them yourself as follows.

In this example, the ACI is added to the root suffix, o=usergroup:

dn:  o=usergroup
changetype: modify
add: aci
aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")
     (targetfilter=(objectClass=icscalendaruser))
     (version 3.0; acl "Allow calendar administrators to proxy-product=ics,
      class=admin,num=2,version=1"; allow (proxy) 
      groupdn="ldap:///cn=Calendar Administrators,ou=Groups,o=usergroup";)

In the following example, the ACI is added to the basedn domain node, o=sesta.com,o=usergroup:

Note –

All nodes under the basedn must be set to allow anyone read and search access rights in order for this command to work. For more information, see the Common Topic Calendar Access Control Information (ACI)

dn:  o=sesta.com,o=usergroup
changetype: modify
add: aci
aci:(targetattr="icscalendar || cn || givenName || sn || uid || mail")
    (targetfilter=(objectClass=icscalendaruser))
    (version 3.0; acl "Allow calendar users to read and search other 
     users-product=ics,
     class=admin,num=3,version=1"; allow (search,read) 
     userdn="ldap:///uid=*,ou=People, o=sesta.com, o=usergroup";)

Note –

If there is no basedn domain node, add the preceding ACI to the root suffix itself by changing the dn: value to o=usergoup.