Access Manager
string, multi-valued
The set of ACI's associated with this role. The format is a DN:ACI pair, where the DN of the entry is specified with its ACI. When deleting a role, this attribute allows for the ACI's associated with this role to be located and cleaned up properly.
For native mode (with domain nodes on the organization tree):
iplanet-am-role-aci-list: o=sesta.com, o=basedn:aci: (target="ldap:///o=sesta.com,o=basedn") (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn) (nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn)))) (targetattr != "nsroledn") (version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)
For compatibility mode (with domain nodes on a DC Tree):
iplanet-am-role-aci-list: dc=sesta,dc=com:aci: (target="ldap:///dc=sesta,dc=com") (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com) (nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com)))) (targetattr != "nsroledn") (version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)
2.16.840.1.113730.3.1.1082