Red Hat Directory Server 8.0 Administrator's Guide

Scenario: userdn keyword containing the self keyword
Example: userdn = "ldap:///self";
Description: The bind rule is true when the user is operating on the entry whose DN is the one the user bound with. For example, a user who bound as uid=ssarette,dc=example,dc=com and performs an operation on the uid=ssarette,dc=example,dc=com entry matches the rule; the same user operating on any other entry does not, and an anonymous bind never matches self.
To grant all users in the example.com tree write access to their own userPassword attribute, create the following ACI on the dc=example,dc=com node; the targetattr clause confines the grant to that one attribute:
aci: (targetattr = "userPassword") (version 3.0; acl "write-self"; allow (write) userdn = "ldap:///self";)

Scenario: userdn keyword containing the all keyword
Example: userdn = "ldap:///all";
Description: The bind rule is true for any valid bind DN, that is, for every user who presented a distinguished name and bound successfully. Anonymous binds do not match.
For example, to grant read access to the entire tree to all authenticated users, create the following ACI on the dc=example,dc=com node:
aci:(version 3.0; acl "all-read"; allow (read) userdn="ldap:///all";)
Read and search are separate rights: read controls which attribute values may be returned, search controls which attributes may appear in a search filter. If users are expected to run searches rather than only read entries whose DN they already know, grant (read,search) as in the anyone example.

Scenario: userdn keyword containing the anyone keyword
Example: userdn = "ldap:///anyone";
Description: The bind rule is true for anyone, anonymous or authenticated; use this keyword to provide anonymous access to the directory.
For example, to allow anonymous read and search access to the entire example.com tree, create the following ACI on the dc=example,dc=com node:
aci: (version 3.0; acl "anonymous-read-search"; allow (read,search) userdn = "ldap:///anyone";)
Whatever such an ACI grants is available to clients that supply no credentials at all, so review what the tree contains before adding it, and narrow it with targetattr or targetfilter if some entries or attributes should not be public.

Scenario: userdn keyword containing the parent keyword
Example: userdn = "ldap:///parent";
Description: The bind rule is true when the bind DN is the immediate parent of the targeted entry, one level up; a grandparent or other ancestor does not match.
For example, to grant every user write access to the entries directly beneath their own entry, create the following ACI on the dc=example,dc=com node:
aci:(version 3.0; acl "parent access"; allow (write) userdn="ldap:///parent";)
Table 6.4. userdn Keyword Examples
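The four keyword rows of Table 6.4 can be exercised offline with the following model of the bind-rule and ACI scope checks. This is an added example, not code from the Red Hat Directory Server guide or from the product. Its function and class names (normalize_dn, bind_rule_matches, parse_aci, in_subtree, aci_allows, Aci) are this example's own; it parses only the ACI shape the table uses (optional targetattr, one allow clause, one userdn keyword), compares DNs with a simplified normalization (case-insensitive types and values, no multi-valued RDNs), and answers only whether a single allow ACI grants a request, whereas the server combines every applicable ACI, denies by default and lets an explicit deny override an allow.

```python
"""Added model of the userdn keywords in Table 6.4 (not RHDS code).

The ACIs evaluated below are the ones printed in the table; the helper
names are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Only the ACI shape used in Table 6.4: optional targetattr, then one
# "allow (<rights>) userdn = ldap:///<keyword>" clause.
ACI_RE = re.compile(
    r'^\s*(?:aci:\s*)?'
    r'(?:\(targetattr\s*=\s*"(?P<targetattr>[^"]+)"\)\s*)?'
    r'\(version\s+3\.0;\s*acl\s+"(?P<name>[^"]+)";\s*'
    r'allow\s*\((?P<rights>[^)]+)\)\s*'
    r'userdn\s*=\s*"ldap:///(?P<keyword>self|all|anyone|parent)";\s*\)\s*$',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Aci:
    name: str
    rights: frozenset
    keyword: str
    targetattr: str | None  # None: the ACI has no targetattr clause


def normalize_dn(dn: str) -> tuple:
    """Split a DN into RDNs (leftmost first), lower-casing type and value.

    Simplification: lower-casing the value suits the caseIgnore attributes
    used in the table (uid, dc, ou, cn); multi-valued RDNs and escapes
    other than '\\,' are not handled.
    """
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr_type, _, value = rdn.partition("=")
        rdns.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return tuple(rdns)


def bind_rule_matches(keyword: str, bind_dn: str | None, target_dn: str) -> bool:
    """Evaluate userdn = "ldap:///<keyword>" for a bind DN and target entry.

    An empty or None bind_dn models an anonymous bind.
    """
    keyword = keyword.lower()
    if keyword == "anyone":
        return True                      # anonymous and authenticated alike
    if not bind_dn:
        return False                     # self, all and parent need a bind DN
    if keyword == "all":
        return True                      # any successful authenticated bind
    bound, target = normalize_dn(bind_dn), normalize_dn(target_dn)
    if keyword == "self":
        return bound == target
    if keyword == "parent":
        # Immediate parent only: the target has exactly one more RDN.
        return len(target) == len(bound) + 1 and target[1:] == bound
    raise ValueError(f"unknown userdn keyword: {keyword}")


def parse_aci(text: str) -> Aci:
    m = ACI_RE.match(text)
    if m is None:
        raise ValueError("ACI is not in the shape used by Table 6.4")
    rights = frozenset(r.strip().lower() for r in m["rights"].split(","))
    return Aci(m["name"], rights, m["keyword"].lower(), m["targetattr"])


def in_subtree(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is base_dn itself or lies beneath it."""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def aci_allows(aci: Aci, aci_dn: str, bind_dn: str | None,
               target_dn: str, right: str, attr: str | None = None) -> bool:
    """Does this one allow ACI, placed on aci_dn, grant `right` on target_dn?

    `attr` is the attribute being accessed when the ACI has a targetattr.
    Real evaluation combines all applicable ACIs (deny overrides allow).
    """
    if not in_subtree(target_dn, aci_dn):
        return False                     # ACI scope: the node and its subtree
    if right.lower() not in aci.rights:
        return False
    if aci.targetattr is not None:
        if attr is None or attr.lower() != aci.targetattr.lower():
            return False
    return bind_rule_matches(aci.keyword, bind_dn, target_dn)


# The four ACIs from Table 6.4, as printed there.
WRITE_SELF = parse_aci('aci: (targetattr = "userPassword") (version 3.0; '
                       'acl "write-self"; allow (write) userdn = "ldap:///self";)')
ALL_READ = parse_aci('aci:(version 3.0; acl "all-read"; allow (read) userdn="ldap:///all";)')
ANON_READ_SEARCH = parse_aci('aci: (version 3.0; acl "anonymous-read-search"; '
                             'allow (read,search) userdn = "ldap:///anyone";)')
PARENT_WRITE = parse_aci('aci:(version 3.0; acl "parent access"; allow (write) '
                         'userdn="ldap:///parent";)')
BASE = "dc=example,dc=com"              # node the table places the ACIs on

if __name__ == "__main__":
    me = "uid=ssarette,dc=example,dc=com"
    print("self writes own userPassword:", aci_allows(WRITE_SELF, BASE, me, me, "write", "userPassword"))
    print("anonymous search under anyone:", aci_allows(ANON_READ_SEARCH, BASE, None, me, "search"))
```

The checks the model makes explicit are the ones to verify against a real server after loading an ACI with ldapmodify: bind as the user concerned and as an anonymous client, then confirm with ldapsearch that only the intended entries and attributes come back.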
Defining Group Access - groupdn Keyword
189