HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Example 13 Get effective rights results for specific attributes

ldapsearch -D "cn=directory manager" -w secret12 \
  -b "uid=scarter,ou=people,dc=example,dc=com" \
  -J 1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=scarter,ou=people,dc=example,dc=com \
  "(objectclass=*)" cn mail initials

dn: uid=scarter, ou=People, dc=redbudcomputer,dc=local
cn: Sam Carter
mail: scarter@example.com
entryLevelRights: vadn
attributeLevelRights: cn:rscwo, mail:rscwo, initials:rscwo

It is possible to specify a non-existent attribute in the attributeList, as with the initials
attribute in Example 13 “Get effective rights results for specific attributes”, to see the rights that
are available, similar to using an asterisk to list all attributes.
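
The following Python example is added here and is not part of the HP guide. It parses the entryLevelRights and attributeLevelRights lines returned by a get effective rights search, including LDIF-folded lines, and lists the attributes the GER subject can modify. The sample output is constructed, and the meaning given to each rights letter is taken from the get effective rights documentation rather than from this page.

```python
import re

# Added example; rights letters per GER documentation (assumed, not on this page).
ENTRY_RIGHTS = {"a": "add", "d": "delete", "n": "rename", "v": "view"}
ATTR_RIGHTS = {"r": "read", "s": "search", "c": "compare", "w": "write",
               "o": "obliterate", "W": "self-write", "O": "self-delete"}

# Constructed ldapsearch output; the last attribute line uses LDIF folding.
SAMPLE = """\
dn: uid=scarter,ou=people,dc=example,dc=com
entryLevelRights: vadn
attributeLevelRights: cn:rscwo, mail:rscwo, initials:rscwo

dn: uid=tmorris,ou=people,dc=example,dc=com
entryLevelRights: v
attributeLevelRights: cn:rsc, mail:rsc, userPassword:none, telephoneNumb
 er:rscwo
"""

def decode(letters, table):
    """Map a rights string such as 'rscwo' to names; 'none' means no rights."""
    return [] if letters == "none" else [table.get(c, "?" + c) for c in letters]

def parse_ger(text):
    """Return {dn: {"entry": [rights], "attrs": {attribute: [rights]}}}."""
    result, current = {}, None
    # LDIF folds long lines: a newline followed by one space continues a line.
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        name, sep, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        if sep and key == "dn":
            current = result.setdefault(value, {"entry": [], "attrs": {}})
        elif current is not None and key == "entrylevelrights":
            current["entry"] = decode(value, ENTRY_RIGHTS)
        elif current is not None and key == "attributelevelrights":
            for item in value.split(","):
                attr, _, letters = item.strip().rpartition(":")
                current["attrs"][attr] = decode(letters, ATTR_RIGHTS)
    return result

def modifiable(text):
    """Sorted (dn, attribute) pairs the GER subject can write or delete."""
    return sorted((dn, attr) for dn, entry in parse_ger(text).items()
                  for attr, rights in entry["attrs"].items()
                  if {"write", "obliterate"} & set(rights))

if __name__ == "__main__":
    for dn, attr in modifiable(SAMPLE):
        print(f"{dn}: {attr} is modifiable by the GER subject")
```
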
The Directory Manager can also list the rights for all the attributes available to a specific object
class. This option has the format attribute@objectClass. This returns two entries; the first for
the specified GER subject and the second for a template entry for the object class. For example:

Example 14 Get effective rights results for an attribute within an object class

ldapsearch -D "cn=directory manager" -w secret12 \
  -b "uid=scarter,ou=people,dc=example,dc=com" \
  -J 1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=scarter,ou=people,dc=example,dc=com \
  "(objectclass=*)" uidNumber@posixAccount

... snip ...
dn: cn=template_posixaccount_objectclass,uid=scarter,ou=people,dc=example,dc=com
uidnumber: (template_attribute)
entryLevelRights: v
attributeLevelRights: uidNumber:rsc

NOTE:
The search format attribute@objectClass is available only if the requester (-D) is the
Directory Manager.
If a regular user, rather than Directory Manager, tried to run the same command, the result would
simply be blank.

Example 15 Get effective rights results with no ACL set (regular user)

$ ldapsearch -D "uid=scarter,ou=people,dc=example,dc=com" \
  -w secret12 -b "dc=example,dc=com" \
  -J 1.3.6.1.4.1.42.2.27.9.5.2:true:dn:uid=scarter,ou=people,dc=example,dc=com \
  "(objectclass=*)" "*@person"
$

Using an asterisk (*) instead of a specific attribute returns all the attributes (present and non-existent)
for the specified GER subject and the full list of attributes for the object class template. For example: