HP-UX Directory Server 8.1 administrator guide

6.9.2 Granting write access to personal entries
6.9.2.1 ACI "Write example.com"
6.9.2.2 ACI "Write Subscribers"
6.9.3 Restricting access to key roles
6.9.3.1 ACI "Roles"
6.9.4 Granting a group full access to a suffix
6.9.4.1 ACI "HR"
6.9.5 Granting rights to add and delete group entries
6.9.5.1 ACI "Create Group"
6.9.5.2 ACI "Delete Group"
6.9.6 Granting conditional access to a group or role
6.9.6.1 ACI "HostedCompany1"
6.9.7 Denying access
6.9.7.1 ACI "Billing Info Read"
6.9.7.2 ACI "Billing Info Deny"
6.9.8 Setting a target using filtering
6.9.9 Allowing users to add or remove themselves from a group
6.9.9.1 ACI "Group Members"
6.9.10 Defining permissions for DNs that contain a comma
6.9.11 Proxied authorization ACI example
6.10 Advanced access control: Using macro ACIs
6.10.1 Macro ACI example
6.10.2 Macro ACI syntax
6.10.2.1 Macro matching for ($dn)
6.10.2.2 Macro matching for [$dn]
6.10.2.3 Macro matching for ($attr.attrName)
6.11 Access control and replication
6.12 Compatibility with earlier releases
7 Managing user authentication
7.1 Managing the password policy
7.1.1 Configuring the password policy
7.1.1.1 Configuring a global password policy using the console
7.1.1.2 Configuring a subtree/user password policy using the console
7.1.1.3 Configuring a global password policy using the command line
7.1.1.4 Configuring subtree/user password policy using the command line
7.1.2 Setting user passwords
7.1.3 Password change extended operation
7.1.4 Configuring the account lockout policy
7.1.4.1 Configuring the account lockout policy using the console
7.1.4.2 Configuring the account lockout policy using the command line
7.1.5 Managing the password policy in a replicated environment
7.1.6 Synchronizing passwords
7.2 Inactivating users and roles
7.2.1 Inactivating users and roles using the console
7.2.2 Inactivating users and roles using the command line
7.2.3 Activating users and roles using the console
7.2.4 Activating users and roles using the command line
7.3 Setting resource limits based on the bind DN
7.3.1 Setting resource limits using the console
7.3.2 Setting resource limits using the command line
7.4 Using pass-through authentication
7.4.1 How Directory Server uses PTA
7.4.2 PTA plug-in syntax