O'Reilly logo

LDAP Programming with Java™ by Tony Dahbura, Rob Weltman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Viewing Access Control Lists through LDAP

In Netscape Directory Server, the ACIs for an entry are defined in the aci attribute of the entry. For example, if you search the o=airius.com entry for the aci attribute using the command

						java LDAPSearch -b "o=airius.com" -s base "objectclass=*" aci
					

the search returns the following lines:

     dn: o=airius.com
     aci: (target ="ldap:///o=airius.com")(targetattr !="userPassword")
      (version 3.0;acl "Anonymous read-search access";allow
      (read, search, compare)(userdn = "ldap:///anyone");)
     aci: (target="ldap:///o=airius.com") (targetattr = "*")
      (version 3.0; acl "allow all Admin group"; allow(all)
      groupdn = "ldap:///cn=Directory Administrators, ou=Groups,
      o=airius.com";)

Note that this syntax is specific to Netscape ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required