Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

ACI “Anonymous Example.com”

In LDIF, to grant Example.com employees read, search, and compare permissions to the entire Example.com tree, you would write the following statement:


aci: (targetattr !="userPassword")(version 3.0; acl "Anonymous example";
 allow (read, search, compare) userdn = "ldap:///anyone";)

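This example assumes that the ACI is added to the dc=example,dc=com entry. The bind rule userdn = "ldap:///anyone" matches every client, including anonymous (unauthenticated) ones. Note that the userPassword attribute is excluded from the scope of the ACI.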


Note –

Any confidential attributes or visible attributes should be listed in the same way as the password attribute, using (targetattr !="attribute-name").
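
The following check is an added example, not part of the original guide or of Directory Server: it unfolds LDIF, finds ACIs that grant read-type rights to ldap:///anyone, and reports which confidential attributes their targetattr clause leaves readable. The sample entries, the CONFIDENTIAL policy set (including homePhone) and the function names are assumptions, and the pattern only handles the simple ACI shape shown on this page.

```python
import re

# Constructed sample (not from the guide). Folded lines start with one space.
SAMPLE_LDIF = '''\
dn: dc=example,dc=com
aci: (targetattr !="userPassword")(version 3.0; acl "Anonymous example";
 allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr !="userPassword || homePhone")(version 3.0; acl "Anon strict";
 allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr = "*")(version 3.0; acl "Anon all";
 allow (read, search) userdn = "ldap:///anyone";)
aci: (targetattr = "*")(version 3.0; acl "Authenticated all";
 allow (read, search) userdn = "ldap:///all";)
'''

# Assumed site policy: attributes anonymous clients must never read.
CONFIDENTIAL = {"userpassword", "homephone"}
READ_RIGHTS = {"read", "search", "compare"}

# Matches only the simple shape used on this page:
# (targetattr OP "list")(version 3.0; acl "name"; allow (rights) userdn = "url";)
ACI_RE = re.compile(
    r'^aci:\s*\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)'
    r'.*?acl\s+"(?P<name>[^"]*)".*?allow\s*\((?P<rights>[^)]*)\)'
    r'\s*userdn\s*=\s*"(?P<subject>[^"]*)"', re.M)

def unfold(ldif):
    """Join folded LDIF lines: a newline followed by one space is removed."""
    return re.sub(r"\r?\n ", "", ldif)

def audit(ldif, confidential=CONFIDENTIAL):
    """Return {acl name: confidential attributes readable via ldap:///anyone}."""
    findings = {}
    for m in ACI_RE.finditer(unfold(ldif)):
        rights = {r.strip().lower() for r in m["rights"].split(",")}
        if m["subject"].lower() != "ldap:///anyone" or not rights & READ_RIGHTS:
            continue
        listed = {a.strip().lower() for a in m["attrs"].split("||")}
        if m["op"] == "!=":          # everything except the listed attributes
            exposed = confidential - listed
        elif "*" in listed:          # every attribute
            exposed = set(confidential)
        else:                        # only the listed attributes
            exposed = confidential & listed
        if exposed:
            findings[m["name"]] = sorted(exposed)
    return findings

if __name__ == "__main__":
    for name, attrs in audit(SAMPLE_LDIF).items():
        print(f'{name}: anonymous clients can read {", ".join(attrs)}')
```

The check looks at each ACI in isolation; it does not evaluate deny rules or other ACIs that may further restrict access to the same entries.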