HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

281

282

283

284

285

286

287

288

289

290

5. In the Targets tab, click This Entry to display the ou=subscribers, dc=example,dc=com

suffix in the Target directory entry field. In the attribute table, select the checkboxes for the

connectionTime and accountBalance attributes.

All other checkboxes should be clear; if it is made easier, click the Check None button to clear

the checkboxes for all attributes in the table, then click the Name header to organize them

alphabetically, and select the appropriate ones.

This example assumes that you have added the connectionTime and accountBalance

attributes to the schema.

6. Click OK.

The new ACI is added to the ones listed in the Access Control Manager window.

6.9.7.2 ACI "Billing Info Deny"

In LDIF, to deny subscribers permission to modify billing information in their own entry, write the

following statement:

aci: (targetattr="connectionTime || accountBalance") (version

3.0; acl "Billing Info Deny"; deny (write) userdn="ldap:///self";)

This example assumes that the relevant attributes have been created in the schema and that the

ACI is added to the ou=subscribers,dc=example,dc=com entry.

From the Console, set this permission by doing the following:

1. In the Directory tab, right-click the Subscribers entry under the example.com node in the

left navigation tree, and choose Set Access Permissions from the pop-up menu to display the

Access Control Manager.

2. Click New to display the Access Control Editor.

3. In the Users/Groups tab, in the ACI name field, type Billing Info Deny. In the list of

users granted access permission, do the following:

a. Select and remove All Users, then click Add.

The Add Users and Groups dialog box opens.

b. Set the Search area in the Add Users and Groups dialog box to Special Rights, and

select Self from the search results list.

c. Click the Add button to list Self in the list of users who are granted access permission.

d. Click OK to dismiss the Add Users and Groups dialog box.

4. In the Rights tab, select the checkbox for write. Make sure the other checkboxes are clear.

5. Click the Edit Manually button, and, in the LDIF statement that opens, change the word allow

to deny.

6. In the Targets tab, click This Entry to display the ou=subscribers, dc=example,dc=com

suffix in the Target directory entry field. In the attribute table, select the checkboxes for the

connectionTime and accountBalance attributes.

All other checkboxes should be clear; if it is easier, click the Check None button to clear the

checkboxes for all attributes in the table, then click the Name header to organize them

alphabetically, and select the appropriate ones.

This example assumes that the connectionTime and accountBalance attributes were

added to the schema.

7. Click OK.

The new ACI is added to the ones listed in the Access Control Manager window.

6.9.8 Setting a target using filtering

To set access controls that allow access to a number of entries that are spread across the directory,

consider using a filter to set the target.

282 Managing Access Control