Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)
Managing Access Control With Oracle Directory Services Manager

You can use ODSM to view the existing ACIs that are configured in the server, to create new access control points, and to create new ACIs in a user-friendly interface. The following topics describe how to manage access control by using ODSM.

Display the Configured ACIs

Oracle Unified Directory supports several preconfigured ACIs, by default. You can display all ACIs that are configured in the server by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. All configured ACIs are listed under the access control point in which the ACI is defined. Expand the access control point to view the ACIs. For example, to display the list of ACIs that apply to the Root entry, expand the Root entry.

  5. Select an ACI to view its properties in the right-hand pane.

Create an Access Control Point

An access control point is the entry in which an ACI is defined (in other words, the entry that contains the corresponding aci attribute).

You can define a new access control point by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Click the Add icon.

  5. In the Location field, enter the DN of the entry that will be the new access control point, or click Select to select the entry from the directory.

  6. To add one or more ACIs to the access control point, click Create ACI.

  7. Enter the ACI details. For more information about these fields, see Add an ACI.

  8. When you have added the required ACIs to the access control point, click Create.

Create an Access Control Point Based on an Existing Access Control Point

You can define a new access control point that is based on an existing access control point by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Select the access control point on which you want to base the new access control point.

  5. Click the Add like icon.

  6. In the Location field, enter the DN of the entry that will be the new access control point, or click Select to select the entry from the directory.

  7. The new access control point is automatically created with the same ACL as the access control point on which it was based.

  8. To add, remove, or edit the existing ACIs on the new access control point, click Create, Edit or Delete.

  9. To add or edit an ACI, enter the required details. For more information about these fields, see Add an ACI.

  10. When you have modified the ACIs for the new access control point, click Create.

Delete an Access Control Point

You can delete an access control point by using ODSM, as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Select the access control point that you want to delete and click the Delete icon.

  5. Click OK to confirm the deletion.

Add an ACI

You can add an ACI to an existing access control point, by using ODSM as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Expand the access control point to which you want to add the new ACI.

  5. Select one of the ACIs in the access control list.

  6. Click the Add icon.

  7. To build the ACI in a user-friendly interface, select the Detail View tab.

  8. Select the Scope of the ACI.

    Usually an ACI has subtree scope. You can restrict the scope of the ACI by selecting one of the following values:

    • Base. The ACI applies to the target resource only.

    • One. The ACI applies to the target resource's first-generation children.

    • Subtree. The ACI applies to the target resource and the subtree below it.

    • Subordinate. The ACI applies only to the subtree below the target resource.

  9. In the Targets field, select each element of the ACI and click Edit to define its properties.

    For more information about defining ACI targets, see Defining Targets in Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory.

  10. In the Permissions field, click the Add icon to define bind rules.

    For more information about defining ACI permissions, see Defining Permissions in Oracle Fusion Middleware Architecture Reference for Oracle Unified Directory.

  11. If you would rather define the ACI manually, click the Text Editor View tab and enter the details of the ACI.

    Click Validate to check that the ACI conforms to the ACI syntax.

    You can also use this view to copy and paste existing ACIs.

  12. When you have completed the ACI definition, click Create.

Add an ACI Based on an Existing ACI

You can add an ACI that is based on an existing ACI, by using ODSM as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Expand the access control point that contains the ACI that you want to copy.

  5. Select the ACI that you want to copy.

  6. Click the Add like icon.

  7. Edit the elements of the ACI that you want to change, either in Text Editor View or in Detail View.

  8. When you have completed the ACI definition, click Create.

Modify an ACI

You can modify an existing ACI, by using ODSM as follows:

  1. Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.

  2. Select the Security tab.

  3. Expand the Directory ACLs element.

  4. Expand the access control point that contains the ACI that you want to change.

  5. Select the ACI that you want to change.

  6. Edit the elements of the ACI, either in Text Editor View or in Detail View.

  7. When you have completed your changes, click Apply.