Access Control

Access controls determine who has access (permission) to a given directory entry, and what level of access is granted. The next section, "Configuring Access Control," explains how to design an access control policy for your directory. The sections after it explain how to add, modify, and delete access control rules, using the commands described in Chapter 2, "Commands Reference," in the sections "ldapadd", "ldapdelete", and "ldapmodify."

An access control rule defines the level of access (the permissions) that a particular user is given to specific directory information. Defining a new access control rule takes two stages:

Specify the directory information to which the rule applies. This is the information that you want to protect.
Specify the level of access granted to each user for this information.

Access control rules are hierarchical, with the most specific rules listed first, followed by more general rules. At a given level of the hierarchy, the action of the rule is limited by the access controls at the level above. At any level, the term "All entries" means all entries for which a specific access control rule has not already been set.
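
The effect of rule order can be checked mechanically. The following Python example is added here and is not Sun Directory Services code or rule syntax: it assumes a simplified model in which rules are read top to bottom and the first match decides, and the Rule fields, DNs, and access levels are constructed for illustration. It does not model the limit imposed by the level above.

```python
# Assumed model: first matching rule wins; DNs are compared as plain suffixes.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    subtree: str              # DN suffix the rule protects; "" = All entries
    attribute: Optional[str]  # None = every attribute
    who: str                  # a bind DN, or "everyone"
    level: str                # "none", "read" or "write"

def covers(rule, dn, attribute):
    """True if the rule's target includes this DN and attribute."""
    dn, base = dn.lower(), rule.subtree.lower()
    in_subtree = base == "" or dn == base or dn.endswith("," + base)
    return in_subtree and rule.attribute in (None, attribute)

def access(rules, who, dn, attribute):
    """Level granted by the first matching rule; no match means no access."""
    for rule in rules:
        if rule.who in (who, "everyone") and covers(rule, dn, attribute):
            return rule.level
    return "none"

def shadowed(rules):
    """Indexes of rules that never apply because an earlier, more general
    rule for the same user already covers their whole target."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.who in (later.who, "everyone")
                    and covers(earlier, later.subtree, later.attribute)):
                hits.append(i)
                break
    return hits

# Constructed sample policy: most specific rule first, All entries last.
PEOPLE = "ou=people,o=example"
ORDERED = [
    Rule(PEOPLE, "userPassword", "everyone", "none"),
    Rule(PEOPLE, None, "everyone", "read"),
    Rule("", None, "cn=admin,o=example", "write"),
    Rule("", None, "everyone", "none"),
]
# Same rules with the first two swapped: the general rule now wins.
MISORDERED = [ORDERED[1], ORDERED[0]] + ORDERED[2:]

if __name__ == "__main__":
    target = ("cn=guest,o=example", "cn=jo," + PEOPLE, "userPassword")
    print(access(ORDERED, *target), shadowed(ORDERED))
    print(access(MISORDERED, *target), shadowed(MISORDERED))
```

Running shadowed() over a rule list before loading it flags any specific rule that a broader rule listed earlier has made unreachable.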




Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.