Configuration Reference Home
Oracle Unified Directory - Subtree Access Control QOS Policy Advanced

Subtree Access Control QOS Policy Advanced

The Subtree Access Control QOS Policy Advanced is used to define the access control of a subtree/context.

Parent Component

The Subtree Access Control QOS Policy Advanced component inherits from the QOS Policy Advanced

Properties

A description of each property follows.


Basic Properties: Advanced Properties:
↓ allowed-attributes ↓ java-class
↓ allowed-bind-dn
↓ allowed-operations
↓ allowed-search-scopes
↓ allowed-subtrees
↓ base-dn
↓ prohibited-attributes
↓ prohibited-bind-dn
↓ prohibited-subtrees

Basic Properties

allowed-attributes

Description
Specifies which attributes are allowed in search and compare operations.
Default Value
All non-prohibited attributes.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

allowed-bind-dn

Description
Specifies a set of bind DN patterns that determine the clients that are allowed to establish connections to this Subtree Access Control QOS Policy Advanced. Valid bind DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
Default Value
All non-prohibited bind DNs are allowed.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

allowed-operations

Description
Specifies which operations are allowed by the server.
Default Value
All operations are allowed.
Allowed Values
add - Add operations.

bind - Bind operations.

compare - Compare operations

delete - Delete operations

extended - Extended operations

inequality-search - Inequality Search operations

modify - Modify operations

rename - Rename operations

search - Search operations


Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

allowed-search-scopes

Description
Specifies which search scopes are allowed by the server.
Default Value
All search scopes are allowed.
Allowed Values
base - Base-object search.

children - Subordinate subtree search

one - One-level search.

sub - Whole subtree search


Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

allowed-subtrees

Description
Specifies which subtrees are accessible to clients.
Default Value
All non-prohibited subtrees.
Allowed Values
A valid DN.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

base-dn

Description
Specifies the base DN of the data targeted by the Subtree Access Control QOS Policy Advanced .
Default Value
None
Allowed Values
A valid DN.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
Yes

prohibited-attributes

Description
Specifies which attributes are not allowed in search and compare operations.
Default Value
All allowed attributes.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

prohibited-bind-dn

Description
Specifies a set of bind DN patterns that determine the clients that are prohibited to establish connections to this Subtree Access Control QOS Policy Advanced. Valid bind DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
Default Value
All bind DNs are allowed.
Allowed Values
A String
Multi-valued
Yes
Required
No
Admin Action Required
None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property
No
Read-only
No

prohibited-subtrees

Description
Specifies which subtrees must be hidden from clients. Each prohibited subtree must be subordinate to an allowed subtree.
Default Value
All allowed subtrees.
Allowed Values
A valid DN.
Multi-valued
Yes
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No


Advanced Properties

java-class

Description
Specifies the fully-qualified name of the Java class that provides the Subtree Access Control QOS Policy Advanced implementation.
Default Value
org.opends.server.core.networkgroups.SubtreeAccessControlPolicyFactory
Allowed Values
A java class that implements or extends the class(es) :
org.opends.server.api.QOSPolicyAdvancedFactory
Multi-valued
No
Required
Yes
Admin Action Required
The Subtree Access Control QOS Policy Advanced must be disabled and re-enabled for changes to this setting to take effect
Advanced Property
Yes
Read-only
No


Copyright © 2019, 2024, Oracle and/or its affiliates. All Rights Reserved.