Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

To Create the Required ACIs

Before you can test the JDBC data view, you must enable write access to the data view by configuring ACIs. By default, write access to non-LDAP data views is denied. For the purposes of this example, it is sufficient to add one global ACI that allows users to modify their own passwords.

  1. As the Proxy Manager, add a pool of ACIs to the JDBC data source and add a global ACI that allows users to modify their own entries.


    % ldapmodify -p 1389 -D "cn=proxy manager" -w password
    dn: cn=mysql1,cn=virtual access controls
    changetype: add
    objectclass: acisource
    dpsaci: (targetattr="*") (target = "ldap:///o=sql")
      (version 3.0; acl "enable all access for all users "; allow(all)
      userdn="ldap:///uid=kvaughan,o=sql";)
    cn: mysql1
  2. Create a connection handler to handle connections to the o=sql domain.


    % dpconf create-connection-handler mysql1-handler
  3. Enable the connection handler and configure it to handle all binds from users in the o=sql domain.


    % dpconf set-connection-handler-prop mysql1-handler is-enabled:true \
     bind-dn-filters:"uid=.*,o=sql"
  4. Configure the connection handler to use the pool of ACIs added previously.


    % dpconf set-connection-handler-prop mysql1-handler aci-source:mysql1
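
The following is an added example, not part of the original guide: a short Python check that unfolds the LDIF entry from step 1, parses the `dpsaci` value, and reports how broad the grant is before the entry is loaded. It assumes the value follows the version 3.0 ACI layout shown in step 1; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the entry from step 1. On each continuation line the
# first space is the LDIF fold marker and the second is kept as a separator.
LDIF = """\
dn: cn=mysql1,cn=virtual access controls
changetype: add
objectclass: acisource
dpsaci: (targetattr="*") (target = "ldap:///o=sql")
  (version 3.0; acl "enable all access for all users "; allow(all)
  userdn="ldap:///uid=kvaughan,o=sql";)
cn: mysql1
"""

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\n ", "", ldif)

def aci_values(ldif, attr="dpsaci"):
    prefix = attr + ":"
    return [line[len(prefix):].strip()
            for line in unfold(ldif).splitlines()
            if line.lower().startswith(prefix)]

ACI_RE = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<type>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<bind>.*?)\s*;\s*\)\s*$', re.S)
TARGET_RE = re.compile(r'\(\s*(target\w*)\s*(!?=)\s*"([^"]*)"\s*\)')

def parse_aci(aci):
    m = ACI_RE.search(aci)
    if not m:
        raise ValueError("not a version 3.0 ACI: %r" % aci)
    # Target clauses come before the "(version 3.0; ...)" part.
    targets = {k.lower(): v for k, _op, v in TARGET_RE.findall(aci[:m.start()])}
    rights = [r.strip().lower() for r in m.group("rights").split(",")]
    return {"name": m.group("name"), "type": m.group("type"),
            "rights": rights, "targets": targets, "bind": m.group("bind")}

def review(aci):
    """Return findings a reviewer would raise for one ACI value."""
    p, notes = parse_aci(aci), []
    if p["type"] == "allow" and "all" in p["rights"]:
        notes.append("grants allow(all)")
    if p["targets"].get("targetattr") == "*":
        notes.append("covers every attribute")
    if "ldap:///self" not in p["bind"].lower():
        notes.append("subject is not self: " + p["bind"])
    return notes
```

Run against the step 1 entry, `review` returns all three findings: the ACI allows all rights on every attribute under `o=sql` to the single bind DN `uid=kvaughan,o=sql`.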