Granting Write Access to Personal Entries

This example assumes that the ACI is added to the ou=subscribers,dc=example,dc=com entry. It also assumes that every subscriber entry has an unlistedSubscriber attribute which is set to yes or no. The target definition filters out the unlisted subscribers based on the value of this attribute. For details on the filter definition, see Section 9.8, “Setting a Target Using Filtering”.

From the Console, set this permission by doing the following:

1. In the Directory tab, right-click the Subscribers entry under the example.com node in the left navigation tree, and choose Set Access Permissions from the pop-up menu to display the Access Control Manager.

2. Click New to display the Access Control Editor.

3. In the Users/Groups tab, in the ACI name field, type Anonymous World. Check that All Users appears in the list of users granted access permission.

4. In the Rights tab, select the checkboxes for read and search rights. Make sure the other checkboxes are clear.

5. In the Targets tab, click This Entry to display the ou=subscribers,dc=example,dc=com suffix in the Target directory entry field.

6. In the Filter for subentries field, type the following filter:

(!(unlistedSubscriber=yes))

7. In the attribute table, select the checkboxes for the homePhone, homePostalAddress, and mail attributes.

All other checkboxes should be clear; if it is easier, click the Check None button to clear the checkboxes for all attributes in the table, then click the Name header to organize them alphabetically, and select the appropriate ones.

8. Click OK.

The new ACI is added to the ones listed in the Access Control Manager window.
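
The following added example (not part of the manual) models, in simplified Python, what an anonymous client can read under this ACI, including the case the assumption above guards against: an entry with no unlistedSubscriber value satisfies (!(unlistedSubscriber=yes)) and is exposed as listed. The ACI text in the comment assumes All Users corresponds to userdn "ldap:///anyone"; the sample entries and function names are constructed for illustration.

```python
# Added illustration: a simplified model of the ACI, not Directory Server code.
# ACI value matching the Console steps (assumption: "All Users" = ldap:///anyone):
#   (targetattr = "homePhone || homePostalAddress || mail")
#   (targetfilter = "(!(unlistedSubscriber=yes))")
#   (version 3.0; acl "Anonymous World"; allow (read, search)
#    userdn = "ldap:///anyone";)

TARGET_ATTRS = {"homephone", "homepostaladdress", "mail"}


def matches_target_filter(entry):
    """Evaluate (!(unlistedSubscriber=yes)) against one entry."""
    # An equality test on an attribute the entry lacks is FALSE, so the
    # negation is TRUE: entries without the attribute count as listed.
    values = [v.lower() for k, vals in entry.items()
              if k.lower() == "unlistedsubscriber" for v in vals]
    return "yes" not in values


def anonymous_view(entry):
    """Return the attributes an anonymous client could read, or None."""
    if not matches_target_filter(entry):
        return None
    return {k: v for k, v in entry.items() if k.lower() in TARGET_ATTRS}


def missing_flag(entries):
    """Audit helper: DNs that never set unlistedSubscriber at all."""
    return [dn for dn, e in entries.items()
            if not any(k.lower() == "unlistedsubscriber" for k in e)]


# Constructed sample entries (not from the manual).
SUBSCRIBERS = {
    "uid=alice,ou=subscribers,dc=example,dc=com": {
        "mail": ["alice@example.com"], "homePhone": ["555-0100"],
        "userPassword": ["{SSHA}constructed"], "unlistedSubscriber": ["no"]},
    "uid=bob,ou=subscribers,dc=example,dc=com": {
        "mail": ["bob@example.com"], "unlistedSubscriber": ["yes"]},
    "uid=carol,ou=subscribers,dc=example,dc=com": {
        "mail": ["carol@example.com"], "homePhone": ["555-0102"]},
}

if __name__ == "__main__":
    for dn, entry in SUBSCRIBERS.items():
        print(dn, "->", anonymous_view(entry))
    print("no unlistedSubscriber value:", missing_flag(SUBSCRIBERS))
```

Running an audit like missing_flag against real subscriber data before adding the ACI shows which entries would be published only because the attribute was never set.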

9.2. Granting Write Access to Personal Entries

Many directory administrators want to allow internal users to change some but not all of the attributes in their own entry. The directory administrators at example.com want to allow users to change their own password, home telephone number, and home address, but nothing else. This is illustrated in Section 9.2.1, “ACI "Write example.com"”.
