Red Hat Directory Server 8.0 Administrator's Guide
display the Access Control Manager.
2. Click New to display the Access Control Editor.
3. In the Users/Groups tab, in the ACI name field, type HR. In the list of users granted access
permission, do the following:
a. Select and remove All Users, then click Add.
The Add Users and Groups dialog box opens.
b. Set the Search area to Users and Groups, and type HRgroup in the Search for field.
This example assumes that you have created an HR group or role. For more information
on groups and roles, see Chapter 5, Managing Entries with Roles, Class of Service, and
Views.
c. Click the Add button to list the HR group in the list of users who are granted access
permission.
d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, click the Check All button.
All checkboxes are selected, except for proxy rights.
5. Click OK.
The new ACI is added to the ones listed in the Access Control Manager window.
9.5. Granting Rights to Add and Delete Group Entries
Some organizations want to allow employees to create entries in the tree when doing so can
increase their efficiency or contribute to the corporate dynamics.
At example.com, there is an active social committee that is organized into various clubs, such
as tennis, swimming, and skiing. Any example.com employee can create a group entry
representing a new club. This is illustrated in Section 9.5.1, “ACI "Create Group"”. Any
example.com employee can become a member of one of these groups. This is illustrated in
Section 9.9.1, “ACI "Group Members"” under Section 9.9, “Allowing Users to Add or Remove
Themselves from a Group”. Only the group owner can modify or delete a group entry. This is
illustrated in Section 9.5.2, “ACI "Delete Group"”.
9.5.1. ACI "Create Group"
In LDIF, to grant example.com employees the right to create a group entry under the ou=Social
Committee branch, write the following statement:
aci: (target="ldap:///ou=social committee,dc=example,dc=com")
 (targattrfilters="add=objectClass:(objectClass=groupOfNames)")
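The following is an added example, not part of the guide: a Python check that unfolds an LDIF aci value, splits its target clauses, and flags an unterminated quote before the entry is loaded. The sample lines are constructed from the two target clauses shown above (the permission and bind rule portion is not included), and all function names are hypothetical.

```python
import re

# One parenthesised target clause: (keyword="value") or (keyword!="value").
# "targ" covers target, targetattr, targetfilter and targattrfilters.
CLAUSE = re.compile(r'\(\s*(targ\w*)\s*(!?=)\s*"([^"]*)"\s*\)')

# Constructed sample: target clauses only, folded as in an LDIF file.
SAMPLE = [
    'aci: (target="ldap:///ou=social committee,dc=example,dc=com")',
    ' (targattrfilters="add=objectClass:(objectClass=groupOfNames)")',
]

def unfold(ldif_lines):
    """Join LDIF continuation lines (a line starting with a space continues the previous one)."""
    out = []
    for line in ldif_lines:
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def aci_values(ldif_lines):
    """Return the value of every aci attribute after unfolding."""
    return [l.split(":", 1)[1].strip() for l in unfold(ldif_lines)
            if l.lower().startswith("aci:")]

def parse_targattrfilters(value):
    """Split 'add=attr:filter && attr:filter, del=...' into {op: {attr: filter}}."""
    rules = {}
    for op, body in re.findall(r'(add|del)=(.*?)(?=,\s*(?:add|del)=|$)', value):
        for pair in body.split("&&"):
            attr, _, flt = pair.strip().partition(":")
            rules.setdefault(op, {})[attr.strip()] = flt.strip()
    return rules

def check_aci_targets(aci_value):
    """Return (clauses, problems) for the target portion of an aci value."""
    problems = []
    head = aci_value.split("(version", 1)[0]  # target clauses precede the version clause
    if head.count('"') % 2:
        problems.append("unterminated quote in target clauses")
    clauses = {}
    for kw, op, val in CLAUSE.findall(head):
        clauses[kw] = parse_targattrfilters(val) if kw == "targattrfilters" else (op, val)
    return clauses, problems
```

A clause with an unterminated quote is reported in the problems list and is left out of the parsed result, so a missing target shows up in both places.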