Configuring the Directory Server
Configuring Security in the Directory Server
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
The easiest way to delete a global ACI is to use dsconfig in interactive mode. Interactive mode walks you through the ACI configuration, and is therefore not documented here. If you delete global ACIs in non-interactive mode, make sure that you escape all special characters in the ACI specification as required by your command line shell.
This example deletes the global ACI that allows anonymous access by using dsconfig in non-interactive mode.
$ -D "cn=directory manager" -w password -n set-access-control-handler-prop \ --remove global-aci:\(targetattr!=\"userPassword\|\|authPassword\"\) \ \(version\ 3.0\;\ acl\ \"Anonymous\ read\ access\"\;\ allow\ \(read,search,compare\) \ userdn=\"ldap:///anyone\"\;\)