Red Hat Directory Server 8.0 Administrator's Guide

Code Description

queried, then this error is returned.

16 No such attribute. If an attribute is specifically

queried for access rights but that attribute

does not exist in the schema, this error is

returned.

17 Undefined attribute type.

21 Invalid attribute syntax.

50 Insufficient rights.

52 Unavailable.

53 Unwilling to perform.

80 Other.

Table 6.8. Returned Result Codes

8. Logging Access Control Information

To obtain information on access control in the error logs, you must set the appropriate log level.

To set the error log level from the Console:

1. In the Console, click the Directory tab, right-click the config node, and choose Properties

from the pop-up menu.

This displays the Property Editor for the cn=config entry.

2. Scroll down the list of attribute value pairs to locate the nsslapd-errorlog-level attribute.

3. Add 128 to the value already displayed in the nsslapd-errorlog-level value field.

For example, if the value already displayed is 8192 (replication debugging), change the value

to 8320. For complete information on error log levels, see the Directory Server Configuration,

Command, and File Reference.

4. Click OK to dismiss the Property Editor.

9. Access Control Usage Examples

The examples provided in this section illustrate how an imaginary ISP company, example.com,

would implement its access control policy. All the examples explain how to perform a given task

from the Console and using an LDIF file.

example.com's business is to offer a web hosting service and Internet access. Part of

example.com's web hosting service is to host the directories of client companies. example.com

Chapter 6. Managing Access Control

216