Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

ACI “Anonymous”

In LDIF, to grant read, search, and compare permissions to the entire tree to employees, you would write the following statement:

aci: (targetattr !="userPassword")(version 3.0; acl "Anonymous
 example"; allow (read, search, compare)
 userdn= "ldap:///anyone") ;)

This example assumes that the aci is added to the dc=example,dc=com entry. Note that the userPassword attribute is excluded from the scope of the ACI.

Note –

Protect attributes that are confidential and attributes that should not be visible using the same syntax used in the example to protect the password attribute, (targetattr !="attribute-name").