Oracle® Internet Directory Administrator's Guide
10g (9.0.4)

Part Number B12118-01

Setting up Access Controls for Creation and Search Bases for Users and Groups, 3 of 3


Setting up Access Controls for the Group Search Base and the Group Creation Base

  1. Create an LDIF file (group_aci.ldif) with the following entry. The BEGIN and END marker lines are not part of the file, and each orclaci and orclentrylevelaci value is a single line:

    --- BEGIN LDIF file contents---
    dn: %groupsearch_or_createbase_dn%
    changetype: modify
    add: orclaci
    orclaci: access to entry by group="cn=IASAdmins,cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclcontainer) (browse,add)
    orclaci: access to entry by group="cn=oracledascreategroup,cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclgroup*) (browse,add) by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (browse)
    orclaci: access to entry filter=(&(objectclass=orclgroup)(orclisvisible=false)) by groupattr=(owner) (browse, add, delete) by dnattr=(owner) (browse, add, delete) by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (browse) by * (none)
    orclaci: access to entry filter=(&(objectclass=orclgroup)(!(orclisvisible=false))) by group="cn=oracledascreategroup, cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclgroup) (browse,add) by group="cn=oracledasdeletegroup, cn=groups,cn=OracleContext,%subscriberdn%" (browse,delete) by group="cn=oracledaseditgroup,cn=Groups,cn=OracleContext,%subscriberdn%" (browse) by groupattr=(owner) (browse, add, delete) by dnattr=(owner) (browse, add, delete) by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (browse)
    orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)(orclisvisible=false)) by groupattr=(owner) (read,search,write,compare) by dnattr=(owner) (read,search,write,compare) by * (none) by group="cn=Common Group Attributes,cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
    orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)(!(orclisvisible=false))) by groupattr=(owner) (read,search,write,compare) by dnattr=(owner) (read,search,write,compare) by group="cn=oracledaseditgroup,cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare) by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
    -
    add: orclentrylevelaci
    orclentrylevelaci: access to entry by group="cn=oracledascreategroup,cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclgroup) (browse, add) by group="cn=IASAdmins, cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclcontainer) (browse,add) by * (browse)
    ---END LDIF file contents------
    

  2. Replace %subscriberdn% with the DN of the subscriber, and %groupsearch_or_createbase_dn% with the DN of the container that the new group search base or group creation base points to.

  3. Run the ldapmodify command as follows, replacing oidport, oidhost and instance_password with the directory server's port, its host name and the instance password:

    ldapmodify -p oidport -h oidhost -D cn=orcladmin -w instance_password -v -f group_aci.ldif
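
The placeholder substitution step can be scripted so that a file with a leftover %placeholder% or an ACI value broken across lines is rejected before it is passed to ldapmodify. The following shell functions are an added example, not part of Oracle's guide; the function names, the template file name and the sample DNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code). Function names, the template file name
# and the sample DNs are assumptions made for illustration.

# Escape a DN for the replacement side of sed 's|..|..|'.
sed_escape() { printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g'; }

# render_aci_ldif TEMPLATE SUBSCRIBER_DN BASE_DN
# Prints the rendered LDIF; on error prints nothing to stdout, returns non-zero.
render_aci_ldif() {
    [ -r "$1" ] && [ -n "$2" ] && [ -n "$3" ] || { echo "usage error" >&2; return 1; }
    _sub=$(sed_escape "$2")
    _base=$(sed_escape "$3")
    _out=$(sed -e "s|%subscriberdn%|$_sub|g" \
               -e "s|%groupsearch_or_createbase_dn%|$_base|g" "$1") || return 1
    # A surviving %name% means a misspelled or unhandled placeholder.
    if printf '%s\n' "$_out" | grep -q '%[A-Za-z_]*%'; then
        echo "unreplaced placeholder" >&2; return 2
    fi
    # Each line must be "attr: value", a lone "-", a comment, blank, or a
    # continuation line (leading space). An ACI value wrapped without that
    # leading space is caught here rather than at ldapmodify time.
    if printf '%s\n' "$_out" | grep -v -E -q '^([A-Za-z][A-Za-z0-9;-]*:|-$|#| |$)'; then
        echo "line is not valid LDIF (bad line wrap?)" >&2; return 3
    fi
    printf '%s\n' "$_out"
}

# Constructed sample: a shortened template in the page's format.
demo_template() {
    cat <<'EOF'
dn: %groupsearch_or_createbase_dn%
changetype: modify
add: orclaci
orclaci: access to entry by group="cn=IASAdmins,cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orclcontainer) (browse,add)
EOF
}

# Usage (group_aci.tmpl is a hypothetical file holding the unfilled entry):
#   render_aci_ldif group_aci.tmpl "dc=example,dc=com" \
#       "cn=Groups,dc=example,dc=com" > group_aci.ldif
```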
    

Copyright © 1999, 2003 Oracle Corporation.

All Rights Reserved.