ACI “Company333” (Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide)

Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

Previous: Allowing Users to Add or Remove Themselves From a Group
Next: Denying Access

ACI “Company333”

In LDIF, to grant Company333 full access to its own branch of the directory under the conditions stated previously, you would write the following statement:

aci: (targetattr = "*") (version 3.0; acl "Company333"; allow (all)
 (roledn="ldap:///cn=DirectoryAdmin,ou=Company333,
 ou=corporate clients,dc=example,dc=com") and (authmethod="ssl")
 and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and
 timeofday <= "1800") and (ip="255.255.123.234"); )

This example assumes that the ACI is added to the ou=Company333,ou=corporate clients,dc=example,dc=com entry.

Previous: Allowing Users to Add or Remove Themselves From a Group
Next: Denying Access