To create ACIs by using the command line, you first create the ACIs in a file using LDIF statements. Then you add the ACIs to your directory tree by using the ldapmodify command.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Create the ACI in an LDIF file.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (target)(version 3.0; acl "name";permission bindrules;)
This example shows how to add an ACI. To modify or delete the ACI, replace add with replace or delete.
For more examples of ACIs that are commonly used, see Access Control Usage Examples.
Make the change using the LDIF file.
$ ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w - -f ldif-file
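
The two steps above, as an added shell example that is not part of the original documentation. The helper name aci_ldif and the sample ACI are assumptions constructed for illustration; the helper checks an ACI against the general form shown in step 1 before emitting the modify record, so a malformed rule is caught before it reaches ldapmodify.

```shell
#!/bin/sh
# Added example: build a "changetype: modify" record for the aci attribute
# after a basic shape check. aci_ldif is a hypothetical helper, not a DSEE tool.

# aci_ldif DN OP ACI -> prints the LDIF record; returns 1 on bad input
aci_ldif() {
    dn=$1; op=$2; aci=$3
    # Only the three modify operations named in the procedure are accepted.
    case $op in
        add|replace|delete) ;;
        *) echo "aci_ldif: op must be add, replace or delete" >&2; return 1 ;;
    esac
    # Shape check: optional (target) part, then
    # (version 3.0; acl "name"; allow|deny (rights) bindrules;)
    pattern='^(\(.*\))?\(version 3\.0; *acl "[^"]+"; *(allow|deny) *\([a-z, ]+\).*;\)$'
    if ! printf '%s\n' "$aci" | grep -Eq "$pattern"; then
        echo "aci_ldif: ACI does not match (target)(version 3.0; acl ...;)" >&2
        return 1
    fi
    # LDAP modify semantics: add keeps existing aci values, replace overwrites
    # every aci value on the entry, delete with a value removes only that value.
    printf 'dn: %s\nchangetype: modify\n%s: aci\naci: %s\n' "$dn" "$op" "$aci"
}

# Constructed sample ACI: each user may write their own userPassword.
ACI='(targetattr="userPassword")(version 3.0; acl "Allow self password change"; allow (write) userdn="ldap:///self";)'

# Step 1: print the record (redirect to ldif-file to save it).
aci_ldif "dc=example,dc=com" add "$ACI"

# Step 2, as on the page, once the record is saved in ldif-file:
#   ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w - -f ldif-file
```

The unfilled template from step 1 is rejected by the shape check because "permission" is still a placeholder rather than allow or deny.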