Skip Headers
Oracle Internet Directory Administrator's Guide
10g (10.1.4.0.1)
Part Number B15991-01
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Master Index
Master Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

C The Access Control Directive Format

This appendix describes the format (syntax) of any access control item (ACI). It contains these topics:

C.1 Schema for orclACI

The access control directive defined by the user attribute orclACI has the following schema:

OrclACI: { object_identifier NAME 'orclACI' DESC 'Stores an inheritable ACI' EQUALITY accessDirectiveMatch SYNTAX 'accessDirectiveDescription'  USAGE  'directoryOperation'}

accessDirectiveDescription has the following BNF:
<accessDirectiveDescription> 
                  ::= access to <object> [by <subject> ( <accessList> )]+

<object> ::= [attr <EQ-OR-NEQ> ( * | (<attrList>) ) | entry] [filter=(<ldapFilter>)] [DenyGroupOverride] [AppendToAll]

<subject> ::= <entity> [<BindMode>] [Added_object_constraint=(<ldapFilter>)]
<entity> ::= * | self | dn="<regex>" | dnAttr=(<dn_attribute>) | group="<dn>" | guidattr=(<guid_attribute>) | groupattr=(<group_attribute>) | [SuperUser]

BindMode=(LDAP_authentication_choice)|LDAP_security_choice)
LDAP_authentication_choice::= proxy | simple | MD5Digest | PKCS12
LDAP_security_choice::= SSLNoAuth | SSLOneWay | SASL

<accessList> ::= <access> | <access>, <accessList>

<access> ::= none | compare | search | browse | proxy | read | selfwrite | write | add | delete | nocompare | nosearch | nobrowse | noproxy |noread | noselfwrite | nowrite | noadd | nodelete 

<attrList> ::=  <attribute name> | <attribute name>,<attrList>

<EQ-OR-NEQ> ::=  = | !=

<regex> ::= <dn> | *,<dn_of_any_subtree_root>

Note:

The regular expression defined earlier is not meant to match any arbitrary expression. The syntax only allows expressions where the wild card is followed by a comma and a valid DN. The latter DN denoted by <dn_of_any_subtree_root> is intended to specify the root of some subtree.

C.2 Schema for orclEntryLevelACI

The entry level access control directive defined by the user attribute orclEntryLevelACI has the following schema:

"orclEntryLevelACI": { object_identifier NAME 'orclEntryLevelACI' DESC 'Stores entry level ACL Directive'  EQUALITY accessDirectiveMatch SYNTAX 'orclEntryLevelACIDescription' USAGE 'directoryOperation' }

<orclEntryLevelACIDescription>  ::= access to <object> [by <subject> ( <accessList> )]+
Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Master Index
Master Index		 Go to Feedback page
Contact Us