Red Hat Directory Server 8.0 Administrator's Guide

subdomains with the same tree structure (ou=groups, ou=people). This pattern is also repeated
across the tree because the example.com directory tree stores the suffixes
dc=hostedCompany2,dc=example,dc=com and dc=hostedCompany3,dc=example,dc=com.

The ACIs that apply in the directory tree also have a repeating pattern. For example, the
following ACI is located on the dc=hostedCompany1,dc=example,dc=com node:

aci: (targetattr="*")(targetfilter=(objectClass=nsManagedDomain))
(version 3.0; acl "Domain access"; allow (read,search)
groupdn="ldap:///cn=DomainAdmins,ou=Groups,dc=hostedCompany1,dc=example,dc=com";)

This ACI grants the DomainAdmins group read and search rights to any entry in the
dc=hostedCompany1,dc=example,dc=com tree.

Figure 6.3. Example Directory Tree for Macro ACIs

The following ACI is located on the dc=hostedCompany1,dc=example,dc=com node:

aci: (targetattr="*")(targetfilter=(objectClass=nsManagedDomain))
(version 3.0; acl "Domain access"; allow (read,search)
groupdn="ldap:///cn=DomainAdmins,ou=Groups,dc=hostedCompany1,dc=example,dc=com";)

The following ACI is located on the dc=subdomain1,dc=hostedCompany1,dc=example,dc=com node:

aci: (targetattr="*")(targetfilter=(objectClass=nsManagedDomain))
(version 3.0; acl "Domain access"; allow (read,search)
groupdn="ldap:///cn=DomainAdmins,ou=Groups,dc=subdomain1,dc=hostedCompany1,dc=example,dc=com";)
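
The repeating pattern above means every per-domain ACI names a group that sits under the node storing the ACI. The following Python audit is an added example, not part of the guide or of Directory Server: it parses the groupdn bind rule of each ACI and reports any group that lies outside the storing node's subtree. The function names, the sample list and the third (misconfigured) ACI are constructed for illustration, and DNs are assumed to contain no escaped commas.

```python
import re

ACI_TEMPLATE = ('(targetattr="*")(targetfilter=(objectClass=nsManagedDomain))'
                '(version 3.0; acl "Domain access"; allow (read,search) '
                'groupdn="ldap:///cn=DomainAdmins,ou=Groups,%s";)')
H1 = "dc=hostedCompany1,dc=example,dc=com"
SUB1 = "dc=subdomain1," + H1
H2 = "dc=hostedCompany2,dc=example,dc=com"

# Constructed input: (node that stores the ACI, ACI value). The first two pairs
# are the ACIs shown above; the third is a constructed copy-paste mistake in
# which the hostedCompany2 node still names hostedCompany1's admin group.
SAMPLE_ACIS = [
    (H1, ACI_TEMPLATE % H1),
    (SUB1, ACI_TEMPLATE % SUB1),
    (H2, ACI_TEMPLATE % H1),
]

GROUPDN_RE = re.compile(r'groupdn\s*=\s*"([^"]*)"', re.IGNORECASE)
LDAP_URL_RE = re.compile(r'ldap:///([^?]+)')

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_dns(aci):
    """Return every group DN named in the ACI's groupdn bind rules."""
    found = []
    for rule in GROUPDN_RE.finditer(aci):
        for url in rule.group(1).split("||"):  # "||" separates alternative URLs
            match = LDAP_URL_RE.search(url)
            if match:
                found.append(normalize_dn(match.group(1)))
    return found

def audit(acis):
    """List (node, group DN) pairs where the group lives outside the node's subtree."""
    findings = []
    for node, aci in acis:
        suffix = "," + normalize_dn(node)
        findings += [(node, g) for g in group_dns(aci) if not g.endswith(suffix)]
    return findings

if __name__ == "__main__":
    for node, group in audit(SAMPLE_ACIS):
        print(f"ACI on {node} grants access to out-of-tree group {group}")
```
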
Chapter 6. Managing Access Control