Starting and Stopping Your Server Instance
Configuring the Server Instance
Configuring the Proxy Components
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
Managing Global ACIs With dsconfig
Granting Write Access to Personal Entries
Granting a Group Full Access to a Suffix
Granting Rights to Add and Delete Group Entries
Allowing Users to Add or Remove Themselves From a Group
Granting Conditional Access to a Group
Defining Permissions for DNs That Contain a Comma
The Get Effective Rights Control
Using the Get Effective Rights Control
Understanding Effective Rights Results
Restricting Access to the Get Effective Rights Control
The global ACIs are all values of the global-aci property of the access control handler. You can use dsconfig to display the global ACIs currently configured on the server by viewing the global-aci property.
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ get-access-control-handler-prop \ --property global-aci Property : Value(s) -----------:------------------------------------------------------------------- global-aci : (extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.26027.1.6.3 || : 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || : 1.3.6.1.4.1.4203.1.11.3") (version 3.0; acl "Anonymous extended : operation access"; allow(read) userdn="ldap:///anyone";), : "(target="ldap:///")(targetscope="base")(targetattr="objectClass|| : namingContexts||supportedAuthPasswordSchemes||supportedControl||su : pportedExtension||supportedFeatures||supportedLDAPVersion||support : edSASLMechanisms||vendorName||vendorVersion")(version 3.0; acl : "User-Visible Root DSE Operational Attributes"; allow : (read,search,compare) userdn="ldap:///anyone";)", : (target="ldap:///cn=changelog")(targetattr="*")(version 3.0; acl : "External changelog access"; deny (all) userdn="ldap:///anyone";), : "(target="ldap:///cn=schema")(targetscope="base")(targetattr="obje : ctClass||attributeTypes||dITContentRules||dITStructureRules||ldapS : yntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses" : )(version 3.0; acl "User-Visible Schema Operational Attributes"; : allow (read,search,compare) userdn="ldap:///anyone";)", : (target="ldap:///dc=replicationchanges")(targetattr="*")(version : 3.0; acl "Replication backend access"; deny (all) : userdn="ldap:///anyone";), : "(targetattr!="userPassword||authPassword")(version 3.0; acl : "Anonymous read access"; allow (read,search,compare) : userdn="ldap:///anyone";)", : (targetattr="audio||authPassword||description||displayName||givenN : ame||homePhone||homePostalAddress||initials||jpegPhoto||labeledURI : ||mobile||pager||postalAddress||postalCode||preferredLanguage||tel : ephoneNumber||userPassword")(version 3.0; acl "Self entry : modification"; allow (write) userdn="ldap:///self";), : "(targetattr="createTimestamp||creatorsName||modifiersName||modify : Timestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0; : acl "User-Visible Operational Attributes"; allow : (read,search,compare) userdn="ldap:///anyone";)", : "(targetattr="userPassword||authPassword")(version 3.0; acl "Self : entry read"; allow (read,search,compare) userdn="ldap:///self";)", : (targetcontrol="1.3.6.1.1.12 || 1.3.6.1.1.13.1 || 1.3.6.1.1.13.2 : || 1.2.840.113556.1.4.319 || 1.2.826.0.1.3344810.2.3 || : 2.16.840.1.113730.3.4.18 || 2.16.840.1.113730.3.4.9 || : 1.2.840.113556.1.4.473 || 1.3.6.1.4.1.42.2.27.9.5.9") (version : 3.0; acl "Authenticated users control access"; allow(read) : userdn="ldap:///all";), (targetcontrol="2.16.840.1.113730.3.4.2 || : 2.16.840.1.113730.3.4.17 || 2.16.840.1.113730.3.4.19 || : 1.3.6.1.4.1.4203.1.10.2 || 1.3.6.1.4.1.42.2.27.8.5.1 || : 2.16.840.1.113730.3.4.16") (version 3.0; acl "Anonymous control : access"; allow(read) userdn="ldap:///anyone";)