Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

Add Virtual Access Control

Access control on LDAP directories is handled by defining ACIs in the directories themselves. When data sources are accessed through virtual data views, ACIs must be defined that apply only to the data viewed through these data views.

Any access that goes through Directory Proxy Server is controlled by a connection handler. For information about connection handlers, see .

Procedure: Add an ACI That Allows Anonymous Access

  1. Add the ACI.

    $ ldapadd -v -D "cn=proxy manager" -w password -p 389
    dn: cn=ldifonly-acis,cn=virtual access controls
    objectclass: top
    objectclass: aciSource
    cn: ldifonly-acis
    dpsaci: (targetattr="*")(version 3.0; acl "anonymous_access"; allow(all) (userdn="ldap:///anyone");)

  2. Point the connection handler to the virtual ACI.

    $ dpconf set-connection-handler-prop anonymous aci-source:ldifonly-acis

  3. Enable the connection handler.

    $ dpconf set-connection-handler-prop anonymous is-enabled:true
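
The ACI in step 1 grants allow(all) to ldap:///anyone, so unauthenticated clients receive modify rights as well as read rights through this connection handler. The Python script below is an added example, not part of the original guide: it scans LDIF for dpsaci or aci values that allow anonymous modification. The function name audit_anonymous_acis and the readonly-acis entry are constructed for illustration.

```python
import base64
import re

# Rights that let a client change directory data; "all" includes them.
MODIFY_RIGHTS = {"all", "write", "add", "delete", "selfwrite"}
PERMISSION = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*(.*?);', re.I | re.S)
ANON_BIND = re.compile(r'userdn\s*=\s*"[^"]*ldap:///anyone', re.I)
ACL_NAME = re.compile(r'\bacl\s+"([^"]*)"', re.I)

# Constructed sample: the entry from step 1, plus a hypothetical read-only variant.
SAMPLE_LDIF = '''\
dn: cn=ldifonly-acis,cn=virtual access controls
objectclass: top
objectclass: aciSource
cn: ldifonly-acis
dpsaci: (targetattr="*")(version 3.0; acl "anonymous_access"; allow(all) (userdn="ldap:///anyone");)

dn: cn=readonly-acis,cn=virtual access controls
objectclass: top
objectclass: aciSource
cn: readonly-acis
dpsaci: (targetattr="*")(version 3.0; acl "anonymous_read";
  allow(read,search,compare) (userdn="ldap:///anyone");)
'''

def audit_anonymous_acis(ldif, attrs=("dpsaci", "aci")):
    """Return (dn, acl name, risky rights) for ACIs allowing anonymous modification."""
    findings, dn = [], None
    unfolded = re.sub(r'\r?\n ', '', ldif)        # join LDIF continuation lines
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):       # blank line or comment
            continue
        if value.startswith(":"):                 # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name in attrs:
            acl = ACL_NAME.search(value)
            for verb, rights, bind_rule in PERMISSION.findall(value):
                granted = set(re.split(r'[,\s]+', rights.strip().lower()))
                risky = sorted(granted & MODIFY_RIGHTS)
                if verb.lower() == "allow" and risky and ANON_BIND.search(bind_rule):
                    findings.append((dn, acl.group(1) if acl else "?", risky))
    return findings

if __name__ == "__main__":
    print(audit_anonymous_acis(SAMPLE_LDIF))
```

Only the ldifonly-acis entry is reported; the read-only variant and rules bound to authenticated users (ldap:///all) are not flagged.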