Oracle® Internet Directory Administrator's Guide
10g (9.0.4)

Part Number B12118-01

Setting up Access Controls for Creation and Search Bases for Users and Groups, 2 of 3


Setting up Access Controls for the User Search Base and the User Creation Base

  1. Create an LDIF file named user_aci.ldif with the following entry:

    --- BEGIN LDIF file contents ---
    dn: %usersearch_or_createbase_dn%
    changetype: modify
    add: orclaci
    orclaci: access to entry by group="cn=oracledascreateuser,cn=groups,
     cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse,
     add) by group="cn=Common User Attributes,cn=Groups,
     cn=OracleContext,%subscriberdn%" (browse) by group="cn=PKIAdmins,cn=groups,
     cn=OracleContext,%subscriberdn%" (browse)
    orclaci: access to entry filter=(objectclass=inetorgperson) by group="cn=oracledascreateuser,
     cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse,
     add) by group="cn=oracledasdeleteuser,cn=groups,cn=OracleContext,%subscriberdn%" (browse,
     delete) by group="cn=oracledasedituser,cn=groups,
     cn=OracleContext,%subscriberdn%" (browse) by group="cn=UserProxyPrivilege,cn=Groups,
     cn=OracleContext,%subscriberdn%" (browse,proxy) by dn="orclApplicationCommonName=DASApp,
     cn=DAS,cn=Products,cn=oraclecontext" (browse,proxy) by self (browse, nodelete,
     noadd) by group="cn=Common User Attributes,cn=Groups,
     cn=OracleContext,%subscriberdn%" (browse) by * (browse, noadd, nodelete)
    orclaci: access to attr=(*) filter=(objectclass=inetorgperson) by group="cn=oracledasedituser,
     cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by self (read,search,
     write,selfwrite,compare) by * (read, nowrite, nocompare)
    orclaci: access to attr=(userPassword) filter=(objectclass=inetorgperson) by group="cn=OracleUserSecurityAdmins,
     cn=Groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by group="cn=oracledasedituser,
     cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by self (read,search,
     write,selfwrite,compare) by group="cn=authenticationServices,cn=Groups,
     cn=OracleContext,%subscriberdn%" (compare) by * (none)
    orclaci: access to attr=(authpassword, orclpasswordverifier, orclpassword) by group="cn=oracledasedituser,
     cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by group="cn=verifierServices,
     cn=Groups,cn=OracleContext,%subscriberdn%" (search, read, compare) by self (search,read,write,
     compare) by * (none)
    orclaci: access to attr=(orclpwdaccountunlock) by group="cn=oracledasedituser,cn=groups,
     cn=OracleContext,%subscriberdn%" (write) by * (none)
    orclaci: access to attr=(usercertificate, usersmimecertificate) by group="cn=PKIAdmins,cn=Groups,
     cn=OracleContext,%subscriberdn%" (read, search, write, compare) by self (read, search,
     compare) by * (read, search, compare)
    orclaci: access to attr=(mail) by group="cn=EmailAdminsGroup,cn=EmailServerContainer,
     cn=Products,cn=OracleContext" (write) by group="cn=oracledasedituser,cn=groups,
     cn=OracleContext,%subscriberdn%" (read,search,write,compare)
    orclaci: access to attr=(orclguid, orclisenabled, modifytimestamp,mail) by group="cn=Common User Attributes,
     cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare) by group="cn=oracledasedituser,
     cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by * (read, nowrite,
     nocompare)
    orclaci: access to attr=(orclpasswordhintanswer) by group="cn=Common User Attributes,cn=Groups,
     cn=OracleContext,%subscriberdn%" (read, search, compare) by self (read,search,write,selfwrite,
     compare) by * (noread, nowrite, nocompare)
    orclaci: access to attr=(orclpasswordhint) by group="cn=Common User Attributes,cn=Groups,
     cn=OracleContext,%subscriberdn%" (read, search, compare) by self (read,search,write,selfwrite,
     compare) by group="cn=OracleUserSecurityAdmins,cn=Groups,
     cn=OracleContext,%subscriberdn%" (read,search,write,compare) by * (noread, nowrite,
     nocompare)
    orclaci: access to attr=(displayName, preferredlanguage,
     orcltimezone,orcldateofbirth,orclgender,orclwirelessaccountnumber,cn,uid,homephone,
     telephonenumber) by group="cn=Common User Attributes,cn=Groups,
     cn=OracleContext,%subscriberdn%" (read, search, compare) by group="cn=oracledasedituser,
     cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by self (read,search,
     write,selfwrite,compare) by * (read, nowrite, nocompare)
    -
    add: orclentrylevelaci
    orclentrylevelaci: access to entry by group="cn=oracledascreateuser,cn=groups,
     cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse,
     add) by * (browse)
    --- END LDIF file contents ---

    Attribute values that do not fit on one line are folded as LDIF allows: each continuation line begins with a single space, which ldapmodify removes when it joins the lines.

  2. Replace %subscriberdn% with the DN of the subscriber, and %usersearch_or_createbase_dn% with the DN of the container that the new user search base or user creation base points to.

  3. Run the ldapmodify command as follows:

    ldapmodify -p <oidport> -h <oidhost> -D cn=orcladmin -w <Instance Password> -v -f user_aci.ldif

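An added check, not part of the guide: the following Python script unfolds LDIF continuation lines, parses each orclaci value into its target attributes and its "by <subject> (permissions)" clauses, and reports any password-related attribute that the catch-all "by *" clause leaves readable. The sample LDIF is constructed, with dc=example,dc=com standing in for %subscriberdn%, and its second ACI is deliberately weakened so that the check reports a finding.

```python
import re

# Constructed sample in the folded style of user_aci.ldif (dc=example,dc=com stands in for
# %subscriberdn%). The second ACI is deliberately weakened so that the check reports it;
# the guide's own version grants "by * (noread, nowrite, nocompare)".
SAMPLE_LDIF = """dn: cn=users,dc=example,dc=com
changetype: modify
add: orclaci
orclaci: access to attr=(userPassword) filter=(objectclass=inetorgperson) by group="cn=OracleUserSecurityAdmins,
 cn=Groups,cn=OracleContext,dc=example,dc=com" (read,search,write,compare) by self (read,search,
 write,selfwrite,compare) by * (none)
orclaci: access to attr=(orclpasswordhintanswer) by self (read,search,write,selfwrite,compare) by * (read,
 nowrite, nocompare)
"""

# Attributes holding password material or secrets that can be used to recover it.
SENSITIVE = {"userpassword", "authpassword", "orclpasswordverifier", "orclpassword", "orclpasswordhintanswer"}

# One "by <subject> [added_object_constraint=(...)] (perms)" clause of an orclaci value.
CLAUSE = re.compile(r'by (group="[^"]*"|dn="[^"]*"|self|\*)'
                    r'(?:\s+added_object_constraint=\([^)]*\))?\s*\(([^)]*)\)')

def unfold_ldif(text):
    """Join LDIF continuation lines onto the preceding line (LDIF strips one leading space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_orclaci(value):
    """Return (target attrs, or None for an entry ACI; list of (subject, set of perms))."""
    m = re.match(r'access to (entry|attr=\(([^)]*)\))', value)
    attrs = None if m.group(1) == "entry" else {a.strip().lower() for a in m.group(2).split(",")}
    return attrs, [(subj, {p.strip().lower() for p in perms.split(",")})
                   for subj, perms in CLAUSE.findall(value)]

def anonymous_readable_sensitive(ldif_text):
    """Names of sensitive attributes that an attribute ACI lets everyone ('*') read."""
    findings = []
    for line in unfold_ldif(ldif_text):
        if not line.lower().startswith("orclaci:"):
            continue
        attrs, clauses = parse_orclaci(line.split(":", 1)[1].strip())
        for subj, perms in clauses:
            if attrs is not None and subj == "*" and "read" in perms:
                findings.extend(sorted(attrs & SENSITIVE))
    return findings
```

anonymous_readable_sensitive(SAMPLE_LDIF) returns ['orclpasswordhintanswer']; run it over the filled-in user_aci.ldif before applying the file with ldapmodify.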

Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.