-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///ou=services,$rootSuffix”) (targetfilter=(!(objectclass=sunServiceComponent))) (targetattr = “*”) (version 3.0; acl “S1IS Services anonymous access”; allow (read, search, compare) userdn = “ldap:///anyone”;)
操作:合并为单个匿名 ACI。
这是若干用于授予匿名特权的 ACI 之一。
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # consolidate # aci: (target=”ldap:///ou=iPlanetAMAdminConsoleService,*,$rootSuffix”) (targetattr = “*”) (version 3.0; acl “S1IS iPlanetAMAdminConsoleService anonymous access”; allow (read, search, compare) userdn = “ldap:///anyone”;)
操作:合并为单个匿名 ACI。
这是若干用于授予匿名特权的 ACI 之一。
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///$rootSuffix”) (targetfilter=(entrydn=$rootSuffix)) (targetattr=”*”) (version 3.0; acl “S1IS Default Organization delete right denied”; deny (delete) userdn = “ldap:///anyone”; )
操作:放弃。
此 ACI 可阻止任何用户(rootdn 除外)删除默认组织。
-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
# # discard # aci: (target=”ldap:///cn=Top-level Admin Role,$rootSuffix”) (targetattr=”*”) (version 3.0; acl “S1IS Top-level admin delete right denied”; deny(delete) userdn = “ldap:///anyone”; )
操作:放弃。
此 ACI 可阻止任何用户(rootdn 除外)删除顶级管理员职责。
-------------------------------------------------------------------------------------------------------------