JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Directory Server Administration

1.  Directory Server Tools

2.  Directory Server Instances and Suffixes

3.  Directory Server Configuration

4.  Directory Server Entries

5.  Directory Server Security

6.  Directory Server Access Control

Creating, Viewing, and Modifying ACIs

To Create, Modify, and Delete ACIs

To View ACI Attribute Values

To View ACIs at the Root Level

ACI Syntax

ACI Targets

Target Syntax

Target Keywords

ACI Permissions

Permission Syntax

Permission Rights

Permissions for Typical LDAP Operations

ACI Bind Rules

Introduction to Bind Rules

Bind Rule Syntax

Bind Rule Keywords

Boolean Bind Rules

To Allow Normal Users to Manage User Accounts Using dsutil Command

Access Control Usage Examples

Granting Anonymous Access

ACI "Anonymous Example.com"

ACI "Anonymous World"

Granting Write Access to Personal Entries

ACI "Write Example.com"

ACI "Write Subscribers"

Granting Access to a Certain Level

ACI "Read Example.com only"

Restricting Access to Key Roles

ACI "Roles"

Granting a Role Full Access to an Entire Suffix

ACI "Full Access"

Granting a Group Full Access to a Suffix

ACI "HR"

Granting Rights to Add and Delete Group Entries

ACI "Create Group"

ACI "Delete Group"

Allowing Users to Add or Remove Themselves From a Group

ACI "Group Members"

Granting Conditional Access to a Group or Role

ACI "Company333"

Denying Access

ACI "Billing Info Read"

ACI "Billing Info Deny"

Proxy Authorization

Example Proxy Authorization

Setting a Target Using Filtering

Defining Permissions for DNs That Contain a Comma

Viewing Effective Rights

Restricting Access to the Get Effective Rights Control

Using the Get Effective Rights Control

Advanced Access Control: Using Macro ACIs

Macro ACI Example

Macro ACI Syntax

Matching for ($dn) in the Target

Substituting ($dn) in the Subject

Substituting [$dn] in the Subject

Macro Matching for ($attr.attrName)

Logging Access Control Information

To Set Logging for ACIs

Client-Host Access Control Through TCP Wrapping

To Enable TCP Wrapping

To Disable TCP Wrapping

7.  Directory Server Password Policy

8.  Directory Server Backup and Restore

9.  Directory Server Groups, Roles, and CoS

10.  Directory Server Replication

11.  Directory Server Schema

12.  Directory Server Indexing

13.  Directory Server Attribute Value Uniqueness

14.  Directory Server Logging

15.  Directory Server Monitoring

Part II Directory Proxy Server Administration

16.  Directory Proxy Server Tools

17.  Directory Proxy Server Instances

18.  LDAP Data Views

19.  Directory Proxy Server Certificates

20.  Directory Proxy Server Load Balancing and Client Affinity

21.  Directory Proxy Server Distribution

22.  Directory Proxy Server Virtualization

23.  Virtual Data Transformations

24.  Connections Between Directory Proxy Server and Back-End LDAP Servers

25.  Connections Between Clients and Directory Proxy Server

26.  Directory Proxy Server Client Authentication

27.  Directory Proxy Server Logging

28.  Directory Proxy Server Monitoring and Alerts

Part III Directory Service Control Center Administration

29.  Directory Service Control Center Configuration

Index

Logging Access Control Information

To obtain information about access control in the error logs, you must set the appropriate log level.

To Set Logging for ACIs

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next