Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
Integration with the Microsoft Windows Environment, 13 of 13
This section contains these sample LDIF files:
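# This ACL policy grants privileged users access to create groups under the
# container cn=users,dc=us,dc=mycompany,dc=com, which is the container for
# creating users.
#
# Layout: each long ACI value is folded across several lines. In LDIF a
# continuation line starts with one space that the parser strips; the second
# leading space below is the literal separator between ACI clauses.
#
# NOTE(review): every by-group clause names a group under
# cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com. A clause that names a
# group which does not exist presumably grants nothing, so confirm each group
# DN against the directory before loading this file.
dn: cn=Users,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclaci
# IASAdmins may browse the container and add orclcontainer entries to it.
orclaci: access to entry
  by group="cn=IASAdmins, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclcontainer) (browse,add)
# Members of oracledascreategroup may add orclgroup* entries; members of
# Common Group Attributes may only browse.
orclaci: access to entry
  by group="cn=oracledascreategroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,add)
  by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (browse)
# Hidden groups (orclisvisible=false): only owners and Common Group Attributes
# get entry access; every other subject is denied with "by * (none)".
orclaci: access to entry filter=(&(objectclass=orclgroup)(orclisvisible=false))
  by groupattr=(owner) (browse, add, delete)
  by dnattr=(owner) (browse, add, delete)
  by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (browse)
  by * (none)
# Visible groups: create, delete and edit rights are split across three
# separate DAS privilege groups; owners keep browse/add/delete.
# This ACI has no "by *" clause, so access for subjects not listed here is not
# decided by this ACI.
orclaci: access to entry filter=(&(objectclass=orclgroup)(!(orclisvisible=false)))
  by group="cn=oracledascreategroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup) (browse,add)
  by group="cn=oracledasdeletegroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (browse,delete)
  by group="cn=oracledaseditgroup, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (browse)
  by groupattr=(owner) (browse, add, delete)
  by dnattr=(owner) (browse, add, delete)
  by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (browse)
# Attributes of hidden groups: owners get read/search/write/compare, Common
# Group Attributes gets read/search/compare, everyone else gets nothing.
orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)(orclisvisible=false))
  by groupattr=(owner) (read,search,write,compare)
  by dnattr=(owner) (read,search,write,compare)
  by * (none)
  by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, search, compare)
# Attributes of visible groups: owners and oracledaseditgroup may write.
# attr=(*) covers every attribute of the group entry, including membership.
orclaci: access to attr=(*) filter=(&(objectclass=orclgroup)(!(orclisvisible=false)))
  by groupattr=(owner) (read,search,write,compare)
  by dnattr=(owner) (read,search,write,compare)
  by group="cn=oracledaseditgroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read,search,write,compare)
  by group="cn=Common Group Attributes, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, search, compare)

# Entry-level ACI on the container entry itself.
# NOTE(review): "by * (browse)" applies to every subject; if anonymous binds
# are enabled this presumably includes unauthenticated clients. Confirm that
# browse on the users container is meant to be that wide.
dn: cn=Users,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclentrylevelaci
orclentrylevelaci: access to entry
  by group="cn=oracledascreategroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup) (browse, add)
  by group="cn=IASAdmins, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclcontainer) (browse,add)
  by * (browse)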
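# Creates two domains (dc=a and dc=b) under dc=us,dc=mycompany,dc=com, gives
# each its own cn=users container, attaches user and group ACLs to both
# containers, and points the common user/group search bases at the parent.
#
# Layout: each long ACI value is folded across several lines. In LDIF a
# continuation line starts with one space that the parser strips; the second
# leading space below is the literal separator between ACI clauses.

#Add the users container
dn: dc=a,dc=us,dc=mycompany,dc=com
changetype: add
dc: a
objectclass: domain

dn: cn=users,dc=a,dc=us,dc=mycompany,dc=com
changetype: add
cn: users
objectclass: orclcontainer

dn: dc=b,dc=us,dc=mycompany,dc=com
changetype: add
dc: b
objectclass: domain

dn: cn=users,dc=b,dc=us,dc=mycompany,dc=com
changetype: add
cn: users
objectclass: orclcontainer

# ACLS for Users
#
# NOTE(review): the create and delete clauses name groups spelled
# "oracledas...", while the edit clause names "orcldasedituser". A by-group
# clause that names a non-existent group presumably grants nothing; confirm
# the exact group names in cn=groups,cn=OracleContext before loading.
#
# NOTE(review): added_object_constraint describes objects being added. On the
# delete grants below it presumably does not limit which entries can be
# deleted, so the delete group may be able to remove any entry under the
# container - confirm against the ACI documentation.
#
# NOTE(review): the attr=(*) ACIs carry no filter, so they apply to every
# entry under the container and to every attribute. "by self" therefore lets
# each bound entry write all of its own attributes, and
# "by * (noread, nowrite, nocompare)" does not name search; add nosearch if
# the intent is to deny all attribute access to other subjects.

#Add the acls to create/delete/modify user entries in the users container
dn: cn=users,dc=a,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclaci
#ACL to add user objects
orclaci: access to entry
  by group = "cn=oracledascreateuser,cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orcluser*) (browse,add)
#ACL to delete user objects
orclaci: access to entry
  by group="cn=oracledasdeleteuser, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orcluser*) (browse,delete)
#ACL to modify user objects
orclaci: access to attr = (*)
  by group="cn=orcldasedituser, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, write, search, compare)
  by self (read,search,write,compare)
  by * (noread, nowrite, nocompare)

#Add the acls to create/delete/modify user entries in the users container
dn: cn=users,dc=b,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclaci
#ACL to add user objects
orclaci: access to entry
  by group = "cn=oracledascreateuser,cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orcluser*) (browse,add)
#ACL to delete user objects
orclaci: access to entry
  by group="cn=oracledasdeleteuser, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orcluser*) (browse,delete)
#ACL to modify user objects
orclaci: access to attr = (*)
  by group="cn=orcldasedituser, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, write, search, compare)
  by self (read,search,write,compare)
  by * (noread, nowrite, nocompare)

#Change the usersearchbase to point to dc=us,dc=mycompany,dc=com
# The target DN must match the realm's OracleContext exactly (every component
# is dc=...); a mistyped component makes this modify fail to find the entry.
dn: cn=common, cn=products,cn=oraclecontext,dc=us,dc=mycompany,dc=com
changetype: modify
replace: orclCommonUserSearchBase
orclCommonUserSearchBase: dc=us,dc=mycompany,dc=com

#ACLS for Groups
#
# NOTE(review): same naming check as for users - create/delete name
# "oracledas..." groups while edit names "orcldaseditgroup". These group ACIs
# are added to the same containers as the user ACIs and also carry no filter,
# so the two edit groups presumably gain write access to both users and
# groups; add a filter on objectclass if the roles are meant to be separate.

#Add the acls to create/delete/modify group entries in the users container
dn: cn=users,dc=a,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclaci
#ACL to add group objects
orclaci: access to entry
  by group = "cn=oracledascreategroup,cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,add)
#ACL to delete group objects
orclaci: access to entry
  by group="cn=oracledasdeletegroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,delete)
#ACL to modify group objects
orclaci: access to attr = (*)
  by group="cn=orcldaseditgroup, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, write, search, compare)
  by self (read,search,write,compare)
  by * (noread, nowrite, nocompare)

#Add the acls to create/delete/modify group entries in the users container
dn: cn=users,dc=b,dc=us,dc=mycompany,dc=com
changetype: modify
add: orclaci
#ACL to add group objects
orclaci: access to entry
  by group = "cn=oracledascreategroup,cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,add)
#ACL to delete group objects
orclaci: access to entry
  by group="cn=oracledasdeletegroup, cn=groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  added_object_constraint=(objectclass=orclgroup*) (browse,delete)
#ACL to modify group objects
orclaci: access to attr = (*)
  by group="cn=orcldaseditgroup, cn=Groups,cn=OracleContext,dc=us,dc=mycompany,dc=com"
  (read, write, search, compare)
  by self (read,search,write,compare)
  by * (noread, nowrite, nocompare)

#Change the GroupSearchBase to point to dc=us,dc=mycompany,dc=com
# Same target entry as the user search base change above.
dn: cn=common, cn=products,cn=oraclecontext,dc=us,dc=mycompany,dc=com
changetype: modify
replace: orclCommonGroupSearchBase
orclCommonGroupSearchBase: dc=us,dc=mycompany,dc=com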
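# Renames the import profile activechgimp to activechgimp1 and moves its
# membership in cn=odipgroup from the old DN to the new one.

#Modify the name of the profile
# newrdn must be a complete RDN (attribute=value), not just the new value.
# deleteoldrdn: 1 removes the old naming value from the renamed entry.
dn: orclodipagentname=activechgimp,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
changetype: modrdn
newrdn: orclodipagentname=activechgimp1
deleteoldrdn: 1

#Remove the privileges given to the old profile and add the privileges to the new profile
# Both changes are in one modify record, separated by "-". Removing the old
# DN keeps a stale member name from lingering in the privileged group; after
# loading, check that only the new profile DN is listed.
dn: cn=odipgroup,cn=odi,cn=oracle internet directory
changetype: modify
delete: uniquemember
uniquemember: orclodipagentname=activechgimp,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory
-
add: uniquemember
uniquemember: orclodipagentname=activechgimp1,cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory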
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.