HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3332, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

About the CoS template entry.......................................................................................188

How a pointer CoS works............................................................................................189

How an indirect CoS works..........................................................................................189

How a classic CoS works.............................................................................................190

Searches for CoS-specified attributes..............................................................................191

Managing CoS using the console......................................................................................192

Creating a new CoS....................................................................................................192

Creating the CoS template entry...................................................................................196

Deleting a CoS...........................................................................................................204

Managing CoS from the command line..............................................................................204

Creating the CoS definition entry from the command line.................................................205

Creating the CoS template entry from the command line..................................................206

Example of a pointer CoS............................................................................................207

Example of an indirect CoS..........................................................................................208

Example of a classic CoS.............................................................................................208

Searching for CoS entries.............................................................................................209

Creating role-based attributes............................................................................................209

Access control and CoS....................................................................................................210

Using views.........................................................................................................................210

Creating views in the console............................................................................................211

Deleting views from the Directory Server Console.................................................................216

Creating views from the command line...............................................................................216

Deleting views from the command line................................................................................216

Using groups.......................................................................................................................216

Managing static groups....................................................................................................217

Managing dynamic groups...............................................................................................220

Creating and managing groups in the command line...........................................................224

Using the memberOf Attribute to manage group membership information...............................225

The MemberOf plug-in syntax.......................................................................................225

Configuring an instance of the MemberOf plug-in from the command line..........................226

Editing the MemberOf Plug-in from the console...........................................................226

Editing the MemberOf Plug-in from the command line.................................................228

Synchronizing memberOf values...................................................................................229

Initializing and regenerating memberOf attributes using fixup-memberof.pl.....................229

Initializing and regenerating memberOf Attributes using ldapmodify.............................229

Support links between two attributes.......................................................................................230

6 Managing Access Control.......................................................................232

Access control principles........................................................................................................232

ACI structure...................................................................................................................232

ACI placement................................................................................................................233

ACI evaluation.................................................................................................................233

ACI limitations.................................................................................................................233

Default ACIs.........................................................................................................................234

Creating ACIs manually.........................................................................................................235

The ACI syntax................................................................................................................235

Defining targets...............................................................................................................235

Targeting a directory entry...........................................................................................236

Targeting attributes......................................................................................................237

Targeting both an entry and attributes............................................................................238

Targeting entries or attributes using LDAP filters...............................................................238

Targeting attribute values using LDAP filters.....................................................................239

Targeting a single directory entry..................................................................................239

Defining permissions........................................................................................................240

Allowing or denying access..........................................................................................240

Contents 7