HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

6.9.2.1 ACI "Write example.com".................................................................................274

6.9.2.2 ACI "Write Subscribers"...................................................................................275

6.9.3 Restricting access to key roles....................................................................................276

6.9.3.1 ACI "Roles".....................................................................................................276

6.9.4 Granting a group full access to a suffix......................................................................277

6.9.4.1 ACI "HR"........................................................................................................277

6.9.5 Granting rights to add and delete group entries..........................................................278

6.9.5.1 ACI "Create Group".........................................................................................278

6.9.5.2 ACI "Delete Group".........................................................................................279

6.9.6 Granting conditional access to a group or role............................................................279

6.9.6.1 ACI "HostedCompany1"...................................................................................280

6.9.7 Denying access.......................................................................................................281

6.9.7.1 ACI "Billing Info Read"......................................................................................281

6.9.7.2 ACI "Billing Info Deny".....................................................................................282

6.9.8 Setting a target using filtering...................................................................................282

6.9.9 Allowing users to add or remove themselves from a group............................................283

6.9.9.1 ACI "Group Members"......................................................................................283

6.9.10 Defining permissions for DNs that contain a comma...................................................284

6.9.11 Proxied authorization ACI example............................................................................284

6.10 Advanced access control: Using macro ACIs.....................................................................285

6.10.1 Macro ACI example................................................................................................285

6.10.2 Macro ACI syntax..................................................................................................287

6.10.2.1 Macro matching for ($dn)................................................................................287

6.10.2.2 Macro matching for [$dn]...............................................................................288

6.10.2.3 Macro matching for ($attr.attrName).................................................................288

6.11 Access control and replication.........................................................................................289

6.12 Compatibility with earlier releases....................................................................................289

7 Managing User Authentication.................................................................290

7.1 Managing the password policy.........................................................................................290

7.1.1 Configuring the password policy.................................................................................290

7.1.1.1 Configuring a global password policy using the console..........................................291

7.1.1.2 Configuring a subtree/user password policy using the console.................................292

7.1.1.3 Configuring a global password policy using the command line................................293

7.1.1.4 Configuring subtree/user password policy using the command line..........................295

7.1.2 Setting user passwords..............................................................................................297

7.1.3 Password change extended operation.........................................................................297

7.1.4 Configuring the account lockout policy........................................................................298

7.1.4.1 Configuring the account lockout policy using the console........................................299

7.1.4.2 Configuring the account lockout policy using the command line..............................299

7.1.5 Managing the password policy in a replicated environment...........................................299

7.1.6 Synchronizing passwords...........................................................................................300

7.2 Inactivating users and roles..............................................................................................301

7.2.1 Inactivating user and roles using the console................................................................301

7.2.2 Inactivating user and roles using the command line......................................................301

7.2.3 Activating user and roles using the console.................................................................302

7.2.4 Activating user and roles using the command line........................................................302

7.3 Setting Resource Limits Based on the bind DN.....................................................................303

7.3.1 Setting resource limits using the console......................................................................303

7.3.2 Setting resource limits using the command line............................................................303

7.3.3 Setting Resource Limits for Anonymous Binds...............................................................304

7.4 Using pass-through authentication.....................................................................................304

7.4.1 How Directory Server uses PTA..................................................................................304

7.4.2 PTA plug-in syntax...................................................................................................305

7.4.3 Configuring the PTA plug-in.......................................................................................307

Contents 9