Sun Java System Communications Services 6 2005Q4 Delegated Administrator 설명서

replacement.acis.ldif 파일

dn: $rootSuffix
changetype: modify
replace: aci
aci: (targetattr = “*”)(version 3.0; acl “Configuration Administrator”;
   allow (all)
   userdn=”ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,
o=NetscapeRoot”;)
aci: (target=”“ldap:///$rootSuffix”)
  (targetfilter=(!(objectclass=sunServiceComponent)))
  (targetattr != “userPassword||passwordHistory
   ||passwordExpirationTime||passwordExpWarned||passwordRetryCount
  ||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime”)
  (version 3.0; acl “anonymous access rights”;
   allow (read,search,compare)
   userdn = “ldap:///anyone”; )
aci: (targetattr != “nsroledn||aci||nsLookThroughLimit||nsSizeLimit
  ||nsTimeLimit||nsIdleTimeout||passwordPolicySubentry||passwordExpiration
    Time
  ||passwordExpWarned||passwordRetryCount||retryCountResetTime
  ||accountUnlockTime||passwordHistory||passwordAllowChangeTime||uid||mem
    berOf
  ||objectclass||inetuserstatus||ou||owner||mail||mailuserstatus
  ||memberOfManagedGroup||mailQuota||mailMsgQuota||mailhost
  ||mailAllowedServiceAccess||inetCOS||mailSMTPSubmitChannel”)
  (version 3.0; acl “Allow self entry modification”;
  allow (write)
  userdn =”ldap:///self”;)
aci: (targetattr != “ aci || nsLookThroughLimit || nsSizeLimit
  || nsTimeLimit|| nsIdleTimeout”)
  (version 3.0; acl “Allow self entry read search”;
  allow(write)
  userdn =”ldap:///self”;)
aci: (target=”ldap:///$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “S1IS Proxy user rights”;
  allow (proxy)
  userdn = “ldap:///cn=puser,ou=DSAME Users,
  $rootSuffix”; )
aci: (target=”ldap:///$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “S1IS special dsame user rights for all under the root
   suffix”;
  allow (all)
  userdn = “ldap:///cn=dsameuser,ou=DSAME Users,
  $rootSuffix”; )
aci: (target=”ldap:///$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “S1IS special ldap auth user rights”;
  allow (read,search)
  userdn = “ldap:///cn=amldapuser,ou=DSAME Users,
  $rootSuffix”; )
aci: (target=”ldap:///$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “S1IS Top-level admin rights”;
  allow (all)
  roledn = “ldap:///cn=Top-level Admin Role,
  $rootSuffix”; )
aci: (targetattr=”*”)
  (version 3.0; acl “Messaging Server End User Administrator Read Only
   Access”;
  allow (read,search)
  groupdn=”ldap:///cn=Messaging End User Administrators Group,ou=Groups,
  $rootSuffix”;)
aci: (targetattr=”objectclass || mailalternateaddress || Mailautoreplymode
   || mailprogramdeliveryinfo || preferredlanguage || maildeliveryoption
   || mailforwardingaddress || mailAutoReplyTimeout
   || mailautoreplytextinternal
   || mailautoreplytext || vacationEndDate || vacationStartDate
   || mailautoreplysubject || maxPabEntries || mailMessageStore
   || mailSieveRuleSource || sunUCDateFormat || sunUCDateDeLimiter
   || sunUCTimeFormat || mailuserstatus || maildomainstatus”)
  (version 3.0; acl “Messaging Server End User Administrator All Access”;
  allow (all)
  groupdn = “ldap:///cn=Messaging End User Administrators Group,ou=Groups,
  $rootSuffix”;)
aci: (targetattr = “*”)
  (version 3.0;acl “Allow Read-Only Access”;
  allow (read,search,compare)
  groupdn = “ldap:///cn=Read-Only,ou=Groups,
  $rootSuffix”;)
aci: (target=”ldap:///cn=Organization Admin Role,($dn),$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “S1IS Organization Admin Role access deny”;
  deny (write,add,delete,compare,proxy)
  roledn = “ldap:///cn=Organization Admin Role,($dn),
  $rootSuffix”;)
aci: (target=”ldap:///($dn),$rootSuffix”)
  (targetattr=”*”)
  (version 3.0; acl “Organization Admin Role access allow read”;
  allow(read,search)
  roledn = “ldap:///cn=Organization Admin Role,[$dn],
  $rootSuffix” ;)
aci: (target=”ldap:///($dn),$rootSuffix”)
  (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,$rootSuffix)
  (entrydn=($dn),$rootSuffix))))
  ( targetattr = “*”)
  (version 3.0; acl “S1IS Organization Admin Role access allow”;
  allow (all)
  roledn = “ldap:///cn=Organization Admin Role,[$dn],
  $rootSuffix”;)