원래의 자체 ACI (Sun Java System Communications Services 6 2005Q4 Delegated Administrator 설명서)

Sun Java System Communications Services 6 2005Q4 Delegated Administrator 설명서
원래의 자체 ACI

aci:
(targetattr != “nsroledn || aci || nsLookThroughLimit || nsSizeLimit ||
nsTimeLimit || nsIdleTimeout || passwordPolicySubentry ||
passwordExpirationTime
|| passwordExpWarned || passwordRetryCount || retryCountResetTime ||
accountUnlockTime || passwordHistory || passwordAllowChangeTime”)
(version 3.0; acl “Allow self entry modification except for nsroledn, aci,
resource limit attributes, passwordPolicySubentry and password policy
state attributes”;
allow (write)
userdn =”ldap:///self”;) 


aci:
(targetattr = “*”)
(version 3.0; acl “S1IS Deny deleting self”;
deny (delete)
userdn =”ldap:///self”;) 


aci:
(targetattr = “objectclass || inetuserstatus ||
planet-am-web-agent-access-allow-list
|| iplanet-am-domain-url-access-allow 
|| iplanet-am-web-agent-access-deny-list
|| iplanet-am-user-account-life || iplanet-am-session-max-session-time
|| iplanet-am-session-max-idle-time 
|| iplanet-am-session-get-valid-sessions
|| iplanet-am-session-destroy-sessions 
|| iplanet-am-session-add-session-listener-on-all-sessions
|| iplanet-am-user-admin-start-dn 
|| iplanet-am-auth-post-login-process-class”)
(targetfilter=(!(nsroledn=cn=Top-levelAdmin Role,$rootSuffix)))
(version 3.0; acl “S1IS User status self modification denied”;
deny (write)
userdn =”ldap:///self”;) 


aci:
(targetattr != “iplanet-am-static-group-dn || uid || nsroledn || aci 
|| LookThroughLimit
|| nsSizeLimit || nsTimeLimit || nsIdleTimeout || memberOf ||
planet-am-web-agent-access-allow-list
|| iplanet-am-domain-url-access-allow ||
planet-am-web-agent-access-deny-list”)
(version 3.0; acl “S1IS Allow self entry modification except 
for nsroledn, aci, and resource limit attributes”;
allow (write)
userdn =”ldap:///self”;) 


aci:
(targetattr != “aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit
|| nsIdleTimeout || iplanet-am-domain-url-access-allow”)
(version 3.0; acl “S1IS Allow self entry read search except for 
nsroledn, aci, resource limit and web agent policy attributes”;
allow (read,search)
userdn =”ldap:///self”;) 


aci:
(targetattr=”uid||ou||owner||mail||mailAlternateAddress
||mailEquivalentaddress||memberOf
||inetuserstatus||mailuserstatus||memberOfManagedGroup||mailQuota
||mailMsgQuota
||inetSubscriberAccountId||dataSource||mailhost||mailAllowedServiceAccess
||pabURI||inetCOS||mailSMTPSubmitChannel||aci”)
(targetfilter=(&(objectClass=inetMailUser)(!(nsroledn=cn=Organization Admin
role,*))))
(version 3.0; acl “Deny write access to users over Messaging Server 
protected attributes -
product=SOMS,schema 2 support,class=installer,num=3,version=1 “;
deny (write)
userdn = “ldap:///self”;)