Red Hat Directory Server 8.0 Administrator's Guide

suffix in the Target directory entry field. In the attribute table, select the checkboxes for the

homePhone, homePostalAddress, and userPassword attributes.

All other checkboxes should be clear; if it is easier, click the Check None button to clear the

checkboxes for all attributes in the table, then click the Name header to organize them

alphabetically, and select the appropriate ones.

6. In the Hosts tab, click Add to display the Add Host Filter dialog box. In the DNS host filter

field, type *.example.com. Click OK to dismiss the dialog box.

7. Click OK in the Access Control Editor window.

The new ACI is added to the ones listed in the Access Control Manager window.

9.2.2. ACI "Write Subscribers"

NOTE

By setting this permission, you are also granting users the right to delete attribute

values.

In LDIF, to grant example.com subscribers the right to update their password and home

telephone number, write the following statement:

aci: (targetattr="userPassword || homePhone") (version 3.0; acl

"Write Subscribers"; allow (write) userdn= "ldap://self" and

authmethod="ssl";)

This example assumes that the aci is added to the ou=subscribers, dc=example,dc=com

entry.

example.com subscribers do not have write access to their home address because they might

delete the attribute, and example.com needs that information for billing. Therefore, the home

address is business-critical information.

From the Console, set this permission by doing the following:

1. In the Directory tab, right-click the Subscribers entry under the example.com node in the left

navigation tree, and choose Set Access Permissions from the pop-up menu to display the

Access Control Manager.

2. Click New to display the Access Control Editor.

3. In the Users/Groups tab, in the ACI name field, type Write Subscribers. In the list of

users granted access permission, do the following:

Granting Write Access to Personal Entries

221