HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

5.2.1 About CoS..............................................................................................................................188

5.2.1.1 About the CoS definition entry.....................................................................................188

5.2.1.2 About the CoS template entry.......................................................................................188

5.2.1.3 How a pointer CoS works.............................................................................................189

5.2.1.4 How an indirect CoS works..........................................................................................189

5.2.1.5 How a classic CoS works...............................................................................................190

5.2.1.6 Searches for CoS-specified attributes............................................................................191

5.2.2 Managing CoS using the console..........................................................................................192

5.2.2.1 Creating a new CoS.......................................................................................................192

5.2.2.2 Creating the CoS template entry...................................................................................196

5.2.2.3 Deleting a CoS...............................................................................................................204

5.2.3 Managing CoS from the command line................................................................................204

5.2.3.1 Creating the CoS definition entry from the command line..........................................204

5.2.3.2 Creating the CoS template entry from the command line............................................206

5.2.3.3 Example of a pointer CoS..............................................................................................207

5.2.3.4 Example of an indirect CoS...........................................................................................208

5.2.3.5 Example of a classic CoS...............................................................................................208

5.2.3.6 Searching for CoS entries..............................................................................................209

5.2.4 Creating role-based attributes...............................................................................................209

5.2.5 Access control and CoS.........................................................................................................210

5.3 Using views...................................................................................................................................210

5.3.1 Creating views in the console................................................................................................211

5.3.2 Deleting views from the Directory Server Console...............................................................217

5.3.3 Creating views from the command line................................................................................217

5.3.4 Deleting views from the command line................................................................................217

5.4 Using groups.................................................................................................................................217

5.4.1 Managing static groups.........................................................................................................218

5.4.2 Managing dynamic groups...................................................................................................222

5.4.3 Creating and managing groups in the command line..........................................................226

5.4.4 Using the memberOf Attribute to manage group membership information.......................227

5.4.4.1 The MemberOf plug-in syntax......................................................................................227

5.4.4.2 Configuring an instance of the MemberOf plug-in from the command line................228

5.4.4.2.1 Editing the MemberOf Plug-in from the console..................................................228

5.4.4.2.2 Editing the MemberOf Plug-in from the command line.......................................230

5.4.4.3 Synchronizing memberOf values..................................................................................231

5.4.4.3.1 Initializing and regenerating memberOf attributes using fixup-memberof.pl....231

5.4.4.3.2 Initializing and regenerating memberOf Attributes using ldapmodify...............231

6 Managing access control.........................................................................................233

6.1 Access control principles...............................................................................................................233

6.1.1 ACI structure.........................................................................................................................233

6.1.2 ACI placement.......................................................................................................................234

6.1.3 ACI evaluation.......................................................................................................................234

6.1.4 ACI limitations......................................................................................................................234

6.2 Default ACIs..................................................................................................................................235

6.3 Creating ACIs manually................................................................................................................235

6.3.1 The ACI syntax......................................................................................................................236

6.3.2 Defining targets.....................................................................................................................236

6.3.2.1 Targeting a directory entry............................................................................................237

6.3.2.2 Targeting attributes.......................................................................................................238

6.3.2.3 Targeting both an entry and attributes..........................................................................239

6.3.2.4 Targeting entries or attributes using LDAP filters........................................................239

6.3.2.5 Targeting attribute values using LDAP filters..............................................................240

6.3.2.6 Targeting a single directory entry.................................................................................240

Table of Contents 7