Permission Levels

There are five permission levels for directory information. From the least privileged to the most privileged, they are:

• none

  You are not permitted to access the entry at all, and will not even see information indicating that the entry exists.

• compare

  You can compare the value of a given attribute with a value you supply, but you cannot read the attribute value. This is used when checking passwords.

• search

  You can read the distinguished name of an entry, and you can search for entries based on the existence of an attribute or attribute value. You will not necessarily be able to read the attribute value.

• read

  You can read the value of any accessible attribute within an entry.

• write

  You can write information into an entry or attribute, that is, you can modify or delete an attribute value, attribute, or whole entry.

When you are granted permission for a given level of operation, you are implicitly granted all lower levels of permission. For example, read permission implies that search and compare permissions are granted too.