HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

1. In the Directory tab, right-click the example-people entry under the example.com node
in the left navigation tree, and choose Set Access Permissions from the pop-up menu to display
the Access Control Manager.
2. Click New to display the Access Control Editor.
3. In the Users/Groups tab, in the ACI name field, type Write example.com. In the list of
users granted access permission:
a. Select and remove All Users, then click Add.
The Add Users and Groups dialog box opens.
b. Set the Search area to Special Rights, and select Self from the search results list.
c. Click the Add button to list Self in the list of users who are granted access permission.
d. Click OK to dismiss the Add Users and Groups dialog box.
4. In the Rights tab, select the checkbox for the write right. Make sure the other checkboxes are
clear.
5. In the Targets tab, click This Entry to display the
ou=example-people,dc=example,dc=com suffix in the Target directory entry field. In
the attribute table, select the checkboxes for the homePhone, homePostalAddress, and
userPassword attributes.
All other checkboxes should be clear; if it is easier, click the Check None button to clear the
checkboxes for all attributes in the table, then click the Name header to organize them
alphabetically, and select the appropriate ones.
6. In the Hosts tab, click Add to display the Add Host Filter dialog box. In the DNS host filter
field, type *.example.com. Click OK to dismiss the dialog box.
7. Click OK in the Access Control Editor window.
The new ACI is added to the ones listed in the Access Control Manager window.
6.9.2.2 ACI "Write Subscribers"
NOTE: By setting this permission, you are also granting users the right to delete attribute values.
In LDIF, to grant example.com subscribers the right to update their password and home telephone
number, write the following statement:
aci: (targetattr="userPassword || homePhone") (version 3.0; acl
  "Write Subscribers"; allow (write) userdn="ldap:///self" and
  authmethod="ssl";)
This example assumes that the ACI is added to the ou=subscribers,dc=example,dc=com
entry.
example.com subscribers do not have write access to their home address because they might
delete the attribute, and example.com needs that information for billing. Therefore, the home
address is business-critical information.
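The following is an added example, not part of the HP guide: a Python audit that unfolds LDIF, parses self-write ACIs such as "Write Subscribers", and reports any that expose a business-critical attribute to deletion or omit authmethod="ssl". The PROTECTED set, the "Weak Write" ACI and the function names are assumptions made for illustration.

```python
import re

# Assumption for this example: attributes the business must never lose.
PROTECTED = {"homepostaladdress"}

ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\).*?'
    r'acl\s+"(?P<name>[^"]*)"\s*;\s*(?P<kind>allow|deny)\s*'
    r'\((?P<rights>[^)]*)\)\s*(?P<bind>.*?);\s*\)\s*$', re.S | re.I)

def unfold(ldif):
    """Join folded LDIF lines: newline + one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def audit_aci(value):
    """Return findings for one ACI value that lets users write their own entry."""
    m = ACI_RE.search(value)
    if not m:
        return ["unparsed ACI, review by hand"]
    rights = {r.strip().lower() for r in m["rights"].split(",")}
    bind = re.sub(r"\s*=\s*", "=", m["bind"].strip().lower())
    if (m["kind"].lower() != "allow" or not rights & {"write", "all"}
            or "ldap:///self" not in bind):
        return []  # not a self-write grant, out of scope here
    terms = re.split(r"\s+and\s+", bind)
    if 'userdn="ldap:///self"' not in terms or re.search(r"\b(or|not)\b|[()]", bind):
        return [f'{m["name"]}: complex bind rule, review by hand']
    attrs = {a.strip().lower() for a in m["attrs"].split("||")}
    if m["op"] == "!=":
        exposed = PROTECTED - attrs  # everything not listed is writable
    else:
        exposed = PROTECTED if "*" in attrs else PROTECTED & attrs
    # The write right also allows deleting attribute values.
    findings = [f'{m["name"]}: self can delete {a}' for a in sorted(exposed)]
    if 'authmethod="ssl"' not in terms:
        findings.append(f'{m["name"]}: self-write without authmethod="ssl"')
    return findings

def audit_ldif(ldif):
    """Audit every aci: line in an LDIF fragment."""
    return [f for line in unfold(ldif) if line.lower().startswith("aci:")
            for f in audit_aci(line[4:])]

# Constructed sample: the ACI above (folded), then a weakened variant.
SAMPLE = '''aci: (targetattr="userPassword || homePhone") (version 3.0; acl
  "Write Subscribers"; allow (write) userdn="ldap:///self" and
  authmethod="ssl";)
aci: (targetattr="homePhone || homePostalAddress") (version 3.0; acl
  "Weak Write"; allow (write) userdn="ldap:///self";)'''
```

Calling audit_ldif(SAMPLE) returns no findings for "Write Subscribers" and two for the constructed "Weak Write" ACI.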
From the Console, set this permission by doing the following:
1. In the Directory tab, right-click the Subscribers entry under the example.com node in the left
navigation tree, and choose Set Access Permissions from the pop-up menu to display the Access
Control Manager.
2. Click New to display the Access Control Editor.
3. In the Users/Groups tab, in the ACI name field, type Write Subscribers. In the list of
users granted access permission: