Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Setting up Access Controls for Creation and Search Bases for Users and Groups, 2 of 3
--- BEGIN LDIF file contents---
dn: %usersearch_or_createbase_dn%
changetype: modify
add: orclaci
orclaci: access to entry
  by group="cn=oracledascreateuser, cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse,add)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (browse)
  by group="cn=PKIAdmins, cn=groups, cn=OracleContext,%subscriberdn%" (browse)
orclaci: access to entry filter=(objectclass=inetorgperson)
  by group="cn=oracledascreateuser, cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse,add)
  by group="cn=oracledasdeleteuser, cn=groups,cn=OracleContext,%subscriberdn%" (browse,delete)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (browse)
  by group="cn=UserProxyPrivilege, cn=Groups,cn=OracleContext,%subscriberdn%" (browse, proxy)
  by dn="orclApplicationCommonName=DASApp, cn=DAS, cn=Products,cn=oraclecontext" (browse,proxy)
  by self (browse, nodelete, noadd)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (browse)
  by * (browse, noadd, nodelete)
orclaci: access to attr=(*) filter=(objectclass=inetorgperson)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by self (read,search,write,selfwrite,compare)
  by * (read, nowrite, nocompare)
orclaci: access to attr=(userPassword) filter=(objectclass=inetorgperson)
  by group="cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by self (read,search,write,selfwrite,compare)
  by group="cn=authenticationServices, cn=Groups,cn=OracleContext,%subscriberdn%" (compare)
  by * (none)
orclaci: access to attr=(authpassword, orclpasswordverifier, orclpassword)
  by group="cn=oracledasedituser,cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by group="cn=verifierServices,cn=Groups,cn=OracleContext,%subscriberdn%" (search, read, compare)
  by self (search,read,write,compare)
  by * (none)
orclaci: access to attr=(orclpwdaccountunlock)
  by group="cn=oracledasedituser,cn=groups,cn=OracleContext,%subscriberdn%" (write)
  by * (none)
orclaci: access to attr=(usercertificate, usersmimecertificate)
  by group="cn=PKIAdmins,cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, write, compare)
  by self (read, search, compare)
  by * (read, search, compare)
orclaci: access to attr=(mail)
  by group="cn=EmailAdminsGroup,cn=EmailServerContainer,cn=Products,cn=OracleContext" (write)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
orclaci: access to attr=(orclguid, orclisenabled, modifytimestamp,mail)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by * (read, nowrite, nocompare)
orclaci: access to attr=(orclpasswordhintanswer)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
  by self (read,search,write,selfwrite,compare)
  by * (noread, nowrite, nocompare)
orclaci: access to attr=(orclpasswordhint)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
  by self (read,search,write,selfwrite,compare)
  by group="cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by * (noread, nowrite, nocompare)
orclaci: access to attr=(displayName, preferredlanguage, orcltimezone,orcldateofbirth,orclgender,orclwirelessaccountnumber,cn,uid,homephone,telephonenumber)
  by group="cn=Common User Attributes, cn=Groups,cn=OracleContext,%subscriberdn%" (read, search, compare)
  by group="cn=oracledasedituser, cn=groups,cn=OracleContext,%subscriberdn%" (read,search,write,compare)
  by self (read,search,write,selfwrite,compare)
  by * (read, nowrite, nocompare)
-
add: orclentrylevelaci
orclentrylevelaci: access to entry
  by group="cn=oracledascreateuser, cn=groups,cn=OracleContext,%subscriberdn%" added_object_constraint=(objectclass=orcluser*) (browse, add)
  by * (browse)
--- END LDIF file contents---
Replace %subscriberdn% with the DN of the subscriber and %usersearch_or_createbase_dn% with the DN of the container that the new user search/create base points to.
ldapmodify -p <oidport> -h <oidhost> -D cn=orcladmin -w <Instance Password> -v -f user_aci.ldif
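A pre-flight check for user_aci.ldif before the ldapmodify step, as an added example that is not part of the Oracle guide: it reports placeholders that were never replaced and password-attribute ACIs that no longer end in the template's `by * (none)` clause. The function names, the sample DN and the sample LDIF are assumptions made for illustration, and the regular expressions cover only the ACI forms that appear on this page.

```python
import re

# Constructed sample: two ACIs from the template. The second was left with its
# placeholder unresolved and its final "by * (none)" clause deleted.
SAMPLE_LDIF = """\
dn: cn=Users,dc=example,dc=com
changetype: modify
add: orclaci
orclaci: access to attr=(userPassword) filter=(objectclass=inetorgperson)
  by self (read,search,write,selfwrite,compare)
  by * (none)
orclaci: access to attr=(authpassword, orclpasswordverifier, orclpassword)
  by group="cn=verifierServices,cn=Groups,cn=OracleContext,%subscriberdn%" (search, read, compare)
  by self (search,read,write,compare)
"""

PASSWORD_ATTRS = {"userpassword", "authpassword", "orclpasswordverifier", "orclpassword"}
ACI_LINE = re.compile(r"orcl(?:entrylevel)?aci:\s*access to (?:entry|attr=\(([^)]*)\))(.*)")
# by <subject> [added_object_constraint=(...)] (<permissions>)
BY_CLAUSE = re.compile(r'by\s+(group="[^"]*"|dn="[^"]*"|self|\*)\s*'
                       r'(?:added_object_constraint=\([^)]*\)\s*)?\(([^)]*)\)')

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\n ", "", ldif)

def parse_acis(ldif):
    """Return (attrs, grants) per ACI value; attrs is [] for 'access to entry'."""
    acis = []
    for line in unfold(ldif).splitlines():
        m = ACI_LINE.match(line)
        if m:
            attrs = [a.strip().lower() for a in (m.group(1) or "").split(",") if a.strip()]
            grants = [(subj, [p.strip() for p in perms.split(",")])
                      for subj, perms in BY_CLAUSE.findall(m.group(2))]
            acis.append((attrs, grants))
    return acis

def audit(ldif):
    """Report placeholders left in the file and password ACIs lacking 'by * (none)'."""
    findings = [f"unresolved placeholder {p}" for p in sorted(set(re.findall(r"%\w+%", ldif)))]
    for attrs, grants in parse_acis(ldif):
        if PASSWORD_ATTRS & set(attrs):
            everyone = [perms for subj, perms in grants if subj == "*"]
            if everyone != [["none"]]:
                findings.append(f"{','.join(attrs)}: expected 'by * (none)', found {everyone}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LDIF)))
```

The check lists grants as written in the file; it does not model how the directory server evaluates ACI precedence.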
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.