Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

ProcedureTo Create the Required ACIs

Before you can test the JDBC data view, you must enable write access to the data view by configuring ACIs. By default, write access to non-LDAP data views is denied. For the purposes of this example, it is sufficient to add one global ACI that allows users to modify their own passwords.

  1. As the Proxy Manager, add a pool of ACIs to the JDBC data source and add a global ACI that allows users to modify their own entries.

    % ldapmodify -p 1389 -D "cn=proxy manager" -w password
    dn: cn=mysql1,cn=virtual access controls
    changetype: add
    objectclass: acisource
    dpsaci: (targetattr="*") (target = "ldap:///o=sql") 
    (version 3.0; acl "enable all access for all users "; allow(all) 
    cn: mysql1
  2. Create a connection handler to handle connections to the o=sql domain.

    % dpconf create-connection-handler mysql1-handler
  3. Enable the connection handler and configure it to handle all binds from users in the o=sql domain.

    % dpconf set-connection-handler-prop mysql1-handler is-enabled:true \
  4. Configure the connection handler to use the pool of ACIs added previously.

    % dpconf set-connection-handler-prop mysql1-handler aci-source:mysql1