Red Hat Directory Server 8.0 Administrator's Guide

a. Select and remove All Users, then click Add.
The Add Users and Groups dialog box opens.
b. Set the Search area to Special Rights, and select Self from the search results list.
c. Click the Add button to list Self in the list of users who are granted access permission.
d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, select the checkbox for write. Make sure the other checkboxes are clear.
5. In the Targets tab, click This Entry to display the ou=subscribers, dc=example,dc=com
suffix in the Target directory entry field.
a. In the Filter for subentries field, type the following filter:
(!(unlistedSubscriber=yes))
b. In the attribute table, select the checkboxes for the homePhone, homePostalAddress, and
mail attributes.
All other checkboxes should be clear; if necessary, click the Check None button to clear
the checkboxes for all attributes in the table, then click the Name header to organize them
alphabetically, and select the appropriate ones.
c. Optionally, to require users to authenticate using SSL, switch to manual editing by clicking
the Edit Manually button, and add authmethod=ssl to the LDIF statement so that it reads
as follows:
(targetattr="homePostalAddress || homePhone || mail")
(version 3.0; acl "Write Subscribers"; allow (write)
(userdn= "ldap:///self") and authmethod="ssl";)
6. Click OK.
The new ACI is added to the ones listed in the Access Control Manager window.
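
The following is an added example, not part of the original guide or of Directory Server itself: a small Python check that parses an ACI string like the one in step 5c and reports whether it still grants only self-write on the three expected attributes and requires authmethod="ssl". The function names and the weakened sample ACI are constructed for illustration, and the parser handles only ACIs with a single permission clause.

```python
import re

# The ACI from step 5c (joined onto one line), plus a constructed weak variant
# that targets every attribute and drops the SSL requirement.
PAGE_ACI = ('(targetattr="homePostalAddress || homePhone || mail")'
            '(version 3.0; acl "Write Subscribers"; allow (write) '
            '(userdn= "ldap:///self") and authmethod="ssl";)')
WEAK_ACI = ('(targetattr="*")(version 3.0; acl "Write Subscribers"; '
            'allow (write) (userdn= "ldap:///self");)')

EXPECTED_ATTRS = {"homephone", "homepostaladdress", "mail"}

def parse_aci(aci):
    """Split an ACI string into name, target attributes, rights and bind rule."""
    attrs = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', aci, re.I)
    perm = re.search(
        r'acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$',
        aci, re.I | re.S)
    if not perm:
        raise ValueError("not an ACI with a single permission clause")
    return {
        "name": perm.group(1),
        "negated": bool(attrs) and attrs.group(1) == "!=",
        "attrs": ({a.strip().lower() for a in attrs.group(2).split("||")}
                  if attrs else set()),
        "type": perm.group(2).lower(),
        "rights": {r.strip().lower() for r in perm.group(3).split(",")},
        "bind": perm.group(4),
    }

def audit_self_write(aci, expected=EXPECTED_ATTRS):
    """Return a list of findings; an empty list means the ACI matches the procedure."""
    p, findings = parse_aci(aci), []
    if p["type"] != "allow" or p["rights"] != {"write"}:
        findings.append("rights are not exactly allow (write)")
    if p["negated"] or not p["attrs"] or p["attrs"] - expected:
        findings.append("targetattr is missing, negated, or wider than expected")
    if (not re.search(r'userdn\s*=\s*"ldap:///self"', p["bind"], re.I)
            or re.search(r'\bor\b', p["bind"], re.I)):
        findings.append("bind rule is not limited to ldap:///self")
    if not re.search(r'\band\s+authmethod\s*=\s*"ssl"', p["bind"], re.I):
        findings.append('bind rule does not require authmethod="ssl"')
    return findings

if __name__ == "__main__":
    for aci in (PAGE_ACI, WEAK_ACI):
        print(parse_aci(aci)["name"], "->", audit_self_write(aci) or "OK")
```

The check reads only the ACI text; it does not evaluate the subentry filter entered in step 5a.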

9.3. Restricting Access to Key Roles

You can use role definitions in the directory to identify functions that are critical to your
business, the administration of your network and directory, or another purpose.
For example, you might create a superAdmin role by identifying a subset of your system
administrators that are available at a particular time of day and day of the week at corporate
sites worldwide, or you might want to create a First Aid role that includes all members of staff
on a particular site that have done first aid training. For information on creating role definitions,
Chapter 6. Managing Access Control