HP-UX Directory Server 8.1 Administrator (766147-001, March 2014)

Defining permissions
Allowing or denying access
Assigning rights
Rights required for LDAP operations
Permissions syntax
Access control and the modrdn operation
Bind rules
Bind rule syntax
Defining user access - userdn keyword
Anonymous access (anyone keyword)
General access (all keyword)
Self access (self keyword)
Parent access (parent keyword)
LDAP URLs
Wildcards
Examples
Defining group access - groupdn keyword
Defining role access - roledn keyword
Defining access based on value matching
Using the userattr keyword
Example with USERDN bind type
Example with GROUPDN bind type
Example with ROLEDN bind type
Example with LDAPURL bind type
Example with any attribute value
Using the userattr keyword with inheritance
Granting add permission using the userattr keyword
Defining access from a specific IP address
Defining access from a specific domain
Defining access at a specific time of day or day of week
Examples
Defining access based on authentication method
Examples
Using Boolean bind rules
Creating ACIs from the console
Displaying the Access Control Editor
Creating a new ACI
Editing an ACI
Deleting an ACI
Viewing ACIs
Checking access rights on entries (get effective rights)
Rights shown with a get effective rights search
The format of a get effective rights search
General examples on checking access rights
Examples of get effective rights searches for non-existent attributes
Examples of get effective rights searches for specific attributes or object classes
Examples of get effective rights searches for operational attributes
Examples of get effective rights results and access control rules
Using get effective rights from the console
Get effective rights return codes
Logging access control information
Access control usage examples
Granting anonymous access
ACI "Anonymous example.com"
ACI "Anonymous World"