LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
Setting ACI for Key Management
Before storing public keys in an LDAP server, LDAP administrators may wish to update their
LDAP access controls such that users can manage their own keys, and the Admin Proxy user
can manage host keys. This section describes how you set up access control instructions (ACI)
for an Admin Proxy user or a user.
Setting ACI for an Admin Proxy User
With Netscape Directory Server 6.11 and 6.21, you can use the Netscape Console or ldapmodify
to set up ACI, which gives an Admin Proxy user permissions to manage host and user keys in
the LDAP directory.
An Example
The following ACI gives the Admin Proxy user uid=keyadmin permission to read,
write, and compare the nissecretkey and nispublickey attributes for hosts and users:
dn: dc=org,dc=hp,dc=com
aci: (targetattr ="objectclass||nispublickey||nissecretkey")
  (version 3.0;acl "Allow keyadmin to change key pairs";
  allow (read,write,compare)
  userdn="ldap:///uid=keyadmin,ou=people,dc=org,dc=hp,dc=com";)
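After setting key-management ACIs, it is worth confirming which subjects an LDIF export actually lets reach the key attributes. The following check is an added example, not part of the HP guide: the function names are hypothetical, the second ACI in the sample is constructed, and the parser assumes one allow/deny clause per ACI.

```python
import re

KEY_ATTRS = {"nissecretkey", "nispublickey"}
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?acl\s+"(?P<name>[^"]*)"\s*;'
    r'\s*(?P<verb>allow|deny)\s*\((?P<perms>[^)]*)\)\s*(?P<bind>.*?);\s*\)\s*$',
    re.I | re.S)
SUBJECT_RE = re.compile(r'(userdn|groupdn|roledn)\s*(!?=)\s*"([^"]*)"', re.I)

# Constructed sample: the guide's keyadmin ACI plus a made-up broad ACI.
SAMPLE = '''dn: dc=org,dc=hp,dc=com
aci: (targetattr ="objectclass||nispublickey||nissecretkey")
  (version 3.0;acl "Allow keyadmin to change key pairs";
  allow (read,write,compare)
  userdn="ldap:///uid=keyadmin,ou=people,dc=org,dc=hp,dc=com";)
aci: (targetattr != "userpassword")
  (version 3.0;acl "Constructed: broad read";
  allow (read,search,compare) userdn="ldap:///anyone";)
'''

def key_grants(ldif):
    """Return (acl name, key attrs covered, perms, subjects) per allow ACI."""
    out = []
    # LDIF folding: a newline followed by one space continues the line.
    for line in re.sub(r'\r?\n ', '', ldif).splitlines():
        if not line.lower().startswith("aci:"):
            continue
        m = ACI_RE.search(line[4:].strip())
        if not m or m["verb"].lower() != "allow":
            continue
        listed = {a.strip().lower() for a in m["attrs"].split("||")}
        if m["op"] == "!=":
            # "!=" targets every attribute except the listed ones.
            covered = KEY_ATTRS - listed
        else:
            covered = set(KEY_ATTRS) if "*" in listed else KEY_ATTRS & listed
        if covered:
            perms = {p.strip().lower() for p in m["perms"].split(",")}
            subjects = [dn for _, _, dn in SUBJECT_RE.findall(m["bind"])]
            out.append((m["name"], covered, perms, subjects))
    return out

def risky(grants):
    """Names of ACIs exposing nissecretkey to anonymous or all bound users."""
    broad = {"ldap:///anyone", "ldap:///all"}
    return [name for name, attrs, perms, subjects in grants
            if "nissecretkey" in attrs
            and any(s.lower() in broad for s in subjects)]
```

Run key_grants over an export of the suffix entry and review every subject it lists; risky narrows that list to ACIs that reach nissecretkey through the anyone or all keywords, including ones that cover it implicitly via a targetattr != exclusion.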