HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3332, November 2013)
Assigning rights
Rights required for LDAP operations
Permissions syntax
Access control and the modrdn operation
Bind rules
Bind rule syntax
Defining user access - userdn keyword
Anonymous access (anyone keyword)
General access (all keyword)
Self access (self keyword)
Parent access (parent keyword)
LDAP URLs
Wildcards
Examples
Defining group access - groupdn keyword
Defining role access - roledn keyword
Defining access based on value matching
Using the userattr keyword
Example with USERDN bind type
Example with GROUPDN bind type
Example with ROLEDN bind type
Example with LDAPURL bind type
Example with any attribute value
Using the userattr keyword with inheritance
Granting add permission using the userattr keyword
Defining access from a specific IP address
Defining access from a specific domain
Defining access at a specific time of day or day of week
Examples
Defining access based on authentication method
Examples
Using Boolean bind rules
Creating ACIs from the console
Displaying the Access Control Editor
Creating a new ACI
Editing an ACI
Deleting an ACI
Viewing ACIs
Checking access rights on entries (get effective rights)
Rights shown with a get effective rights search
The format of a get effective rights search
General examples on checking access rights
Examples of get effective rights searches for non-existent attributes
Examples of get effective rights searches for specific attributes or object classes
Examples of get effective rights searches for operational attributes
Examples of get effective rights results and access control rules
Using get effective rights from the console
Get effective rights return codes
Logging access control information
Access control usage examples
Granting anonymous access
ACI "Anonymous example.com"
ACI "Anonymous World"
Granting write access to personal entries
ACI "Write example.com"