Server User Manual

Chapter 2. Core Server Configuration Reference
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow(all)
groupdn = "ldap:///cn=slapd-phonebook, cn=Red Hat Directory Server,
cn=Server Group, cn=phonebook.example.com, dc=example,dc=com, o=NetscapeRoot";)
These default ACIs allow all LDAP operations to be carried out on all configuration attributes by the
following users:
- Members of the Configuration Administrators group.
- The user acting as the administrator, the admin account that was configured at setup. By default,
  this is the same user account which is logged into the Console.
- Members of the local Directory Administrators group.
- The SIE (Server Instance Entry) group, usually assigned using the Set Access Permissions
  process in the main console.
For more information on access control, see the Directory Server Administrator's Guide.
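One way to review which subjects hold the blanket grant described above, added here as an example and not taken from the Directory Server documentation: the script unfolds a dse.ldif fragment and reports every ACI that grants allow(all) on targetattr "*", with its entry and bind-rule subjects. The sample LDIF is constructed (its second ACI is hypothetical), and the parser assumes one permission statement per ACI.

```python
import re

# Constructed sample of a folded dse.ldif fragment. The first aci is the SIE Group
# ACI quoted above; the second is a hypothetical narrower ACI added for contrast.
SAMPLE_LDIF = '''dn: cn=config
objectClass: top
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow(all)
  groupdn = "ldap:///cn=slapd-phonebook, cn=Red Hat Directory Server,
  cn=Server Group, cn=phonebook.example.com, dc=example,dc=com, o=NetscapeRoot";)
aci: (targetattr = "nsslapd-sizelimit")(version 3.0; acl "Example read only";
  allow (read, search) userdn = "ldap:///uid=auditor,dc=example,dc=com";)
'''

# Assumes one permission statement per ACI, as in the ACI shown on this page.
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?acl\s+"(?P<name>[^"]+)"\s*;'
    r'\s*(?P<verb>allow|deny)\s*\((?P<rights>[^)]*)\)\s*(?P<bind>.*?);\s*\)\s*$')
SUBJECT_RE = re.compile(r'(userdn|groupdn|roledn)\s*=\s*"([^"]*)"')

def unfold(ldif_text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]   # drop only the fold marker, keep the rest
        else:
            lines.append(line)
    return lines

def broad_config_acis(ldif_text):
    """Return (entry dn, acl name, subjects) for ACIs that allow(all) on targetattr "*"."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("aci:"):
            m = ACI_RE.search(line[4:].strip())
            if not m:
                continue  # unparsed value (for example base64 "aci::"): review by hand
            rights = {r.strip().lower() for r in m["rights"].split(",")}
            if (m["verb"] == "allow" and "all" in rights
                    and m["op"] == "=" and m["attrs"].strip() == "*"):
                findings.append((dn, m["name"], SUBJECT_RE.findall(m["bind"])))
    return findings

if __name__ == "__main__":
    for dn, name, subjects in broad_config_acis(SAMPLE_LDIF):
        print(f'{dn}: acl "{name}" grants all rights on all attributes to {subjects}')
```

Run it against a copy of dse.ldif rather than the live file, and resolve each reported groupdn to its current members to see who can actually change the configuration.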
2.2.2. Changing Configuration Attributes
Server attributes can be viewed and changed in one of three ways: through the Directory Server
Console, by performing ldapsearch and ldapmodify commands, or by manually editing the
dse.ldif file.
NOTE
Before editing the dse.ldif file, the server must be stopped; otherwise, the
changes are lost. Editing the dse.ldif file is recommended only for changes to
attributes which cannot be altered dynamically. See Section 2.2.2.3, “Configuration
Changes Requiring Server Restart” for further information.
The following sections describe how to modify entries using LDAP (both by using Directory Server
Console and by using the command line), the restrictions that apply to modifying entries, the
restrictions that apply to modifying attributes, and the configuration changes requiring restart.
2.2.2.1. Modifying Configuration Entries Using LDAP
The configuration entries in the directory can be searched and modified using LDAP either via the
Directory Server Console or by performing ldapsearch and ldapmodify operations in the same
way as other directory entries. The advantage of using LDAP to modify entries is that changes can be
made while the server is running.
For further information, see the "Creating Directory Entries" chapter in the Directory Server
Administrator's Guide. However, certain changes do require the server to be restarted before they are
taken into account. See Section 2.2.2.3, “Configuration Changes Requiring Server Restart” for further
information.
NOTE
As with any set of configuration files, care should be taken when changing or deleting
nodes in the cn=config subtree as this risks affecting Directory Server functionality.