HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

5.2.1.1 About the CoS definition entry............................................................................188

5.2.1.2 About the CoS template entry.............................................................................188

5.2.1.3 How a pointer CoS works..................................................................................189

5.2.1.4 How an indirect CoS works...............................................................................189

5.2.1.5 How a classic CoS works...................................................................................190

5.2.1.6 Searches for CoS-specified attributes...................................................................191

5.2.2 Managing CoS using the console..............................................................................192

5.2.2.1 Creating a new CoS.........................................................................................192

5.2.2.2 Creating the CoS template entry........................................................................196

5.2.2.3 Deleting a CoS................................................................................................204

5.2.3 Managing CoS from the command line......................................................................204

5.2.3.1 Creating the CoS definition entry from the command line......................................205

5.2.3.2 Creating the CoS template entry from the command line.......................................206

5.2.3.3 Example of a pointer CoS.................................................................................207

5.2.3.4 Example of an indirect CoS..............................................................................208

5.2.3.5 Example of a classic CoS..................................................................................208

5.2.3.6 Searching for CoS entries.................................................................................209

5.2.4 Creating role-based attributes...................................................................................209

5.2.5 Access control and CoS...........................................................................................210

5.3 Using views....................................................................................................................210

5.3.1 Creating views in the console....................................................................................211

5.3.2 Deleting views from the Directory Server Console........................................................216

5.3.3 Creating views from the command line.......................................................................216

5.3.4 Deleting views from the command line.......................................................................216

5.4 Using groups.................................................................................................................216

5.4.1 Managing static groups............................................................................................217

5.4.2 Managing dynamic groups......................................................................................220

5.4.3 Creating and managing groups in the command line..................................................224

5.4.4 Using the memberOf Attribute to manage group membership information......................225

5.4.4.1 The MemberOf plug-in syntax............................................................................225

5.4.4.2 Configuring an instance of the MemberOf plug-in from the command line..............226

5.4.4.2.1 Editing the MemberOf Plug-in from the console............................................226

5.4.4.2.2 Editing the MemberOf Plug-in from the command line...................................228

5.4.4.3 Synchronizing memberOf values.......................................................................229

5.4.4.3.1 Initializing and regenerating memberOf attributes using fixup-memberof.pl......229

5.4.4.3.2 Initializing and regenerating memberOf Attributes using ldapmodify..............229

5.5 Support links between two attributes..................................................................................230

6 Managing Access Control.......................................................................232

6.1 Access control principles..................................................................................................232

6.1.1 ACI structure............................................................................................................232

6.1.2 ACI placement.........................................................................................................233

6.1.3 ACI evaluation.........................................................................................................233

6.1.4 ACI limitations.........................................................................................................233

6.2 Default ACIs...................................................................................................................234

6.3 Creating ACIs manually...................................................................................................235

6.3.1 The ACI syntax........................................................................................................235

6.3.2 Defining targets......................................................................................................235

6.3.2.1 Targeting a directory entry................................................................................236

6.3.2.2 Targeting attributes..........................................................................................237

6.3.2.3 Targeting both an entry and attributes................................................................238

6.3.2.4 Targeting entries or attributes using LDAP filters....................................................238

6.3.2.5 Targeting attribute values using LDAP filters.........................................................239

6.3.2.6 Targeting a single directory entry.......................................................................239

6.3.3 Defining permissions................................................................................................240

Contents 7