[389-users] Re: acis in 99user.ldif and target on subtree
On 5/23/19 12:38 PM, Angel Bosch Mora wrote:
Hi!
two more questions:
1- when migrating should I take care about ACIs in 99user.ldif? rightnow there are four
entries:
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl
"anonymous, no acis"; allow (read, search, compare) userdn =
"ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators
Group"; allow (all) groupdn="ldap:///cn=Configuration
Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator";
allow (all)
userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)
groupdn = "ldap:///cn=slapd-hhh-ng,cn=389 Directory Server,cn=Server
Group,cn=xx.yy.net,ou=xx.net,o=NetscapeRoot";)
modifiersname: cn=directory manager
modifytimestamp: 20101105155413Z
but I never did those.
These are default aci's that are mainly used for the
389-console (the
o=NetscapeRoot aci's). If you are using the console then I would keep
them.
2- is it mandatory to specify target when setting an ACI in a subtree?
No. If there is no target defined in the aci then the target becomes
the entry the aci was added to.
HTH,
Mark
>
>
>
>
> best regards,
>
> abosch
> -- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol
fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i pot
contenir informacio confidencial. En cap cas no heu de copiar aquest missatge ni
lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no sou la persona
destinataria que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho
notifiqueu immediatament a l'adreca electronica de la persona remitent.
> -- Abans d'imprimir aquest missatge, pensau si es realment necessari.
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...