Red Hat Directory Server 8.0 Administrator's Guide
c. Click the Add button to list the administrators role in the list of users who are granted
access permission.
d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, click the Check All button.
5. In the Targets tab, click This Entry to display the
ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com suffix in the Target
directory entry field.
6. In the Hosts tab, click Add to display the Add Host Filter dialog box. In the IP address host
filter field, type 255.255.123.234. Click OK.
The IP address must be a valid IP address for the host machine that the HostedCompany1
administrators use to connect to the example.com directory.
7. In the Times tab, select the block time corresponding to Monday through Thursday and 8
a.m. to 6 p.m.
A message appears below the table that specifies the selected time block.
8. To enforce SSL authentication from HostedCompany1 administrators, switch to manual
editing by clicking the Edit Manually button. Add the following to the end of the LDIF
statement:
and (authmethod="ssl")
The LDIF statement should be similar to the following:
aci: (targetattr = "*")
(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com")
(version 3.0; acl "HostedCompany1"; allow (all) (roledn=
"ldap:///cn=DirectoryAdmin,ou=HostedCompany1,ou=corporate-clients,
dc=example,dc=com") and
(dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and timeofday
<= "1800") and
(ip="255.255.123.234") and (authmethod="ssl"); )
9. Click OK.
The new ACI is added to the ones listed in the Access Control Manager window.
9.7. Denying Access
If your directory holds business-critical information, it may be necessary to specifically deny
access to it.
Denying Access
229