Viewing Access Control Lists through LDAP

In Netscape Directory Server, the ACIs for an entry are defined in the aci attribute of the entry. For example, if you search the o=airius.com entry for the aci attribute using the command

     java LDAPSearch -b "o=airius.com" -s base "objectclass=*" aci

the search returns the following lines:

     dn: o=airius.com
     aci: (target ="ldap:///o=airius.com")(targetattr !="userPassword")
      (version 3.0;acl "Anonymous read-search access";allow
      (read, search, compare)(userdn = "ldap:///anyone");)
     aci: (target="ldap:///o=airius.com") (targetattr = "*")
      (version 3.0; acl "allow all Admin group"; allow(all)
      groupdn = "ldap:///cn=Directory Administrators, ou=Groups,
      o=airius.com";)

Note that this syntax is specific to Netscape ...
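
When auditing access control, it helps to split each returned aci value into its parts. The following is an added example, not code from the book or the Netscape SDK: it unfolds the LDIF continuation lines of the output shown above and prints each ACI's name, permissions, targeted attributes and bind rule. The class name AciAudit and the regular expressions are assumptions that cover only the two ACI forms shown here.

```java
import java.util.*;
import java.util.regex.*;

public class AciAudit {
    // The search output from the text above, as LDIF (a leading space marks a continuation line).
    static final String LDIF = String.join("\n",
        "dn: o=airius.com",
        "aci: (target =\"ldap:///o=airius.com\")(targetattr !=\"userPassword\")",
        " (version 3.0;acl \"Anonymous read-search access\";allow",
        " (read, search, compare)(userdn = \"ldap:///anyone\");)",
        "aci: (target=\"ldap:///o=airius.com\") (targetattr = \"*\")",
        " (version 3.0; acl \"allow all Admin group\"; allow(all)",
        " groupdn = \"ldap:///cn=Directory Administrators, ou=Groups,",
        " o=airius.com\";)");

    // Unfold LDIF continuation lines, then collect the values of the aci attribute.
    static List<String> aciValues(String ldif) {
        List<String> out = new ArrayList<>();
        String unfolded = ldif.replaceAll("\r?\n ", "");
        for (String line : unfolded.split("\r?\n")) {
            if (line.toLowerCase().startsWith("aci:")) out.add(line.substring(4).trim());
        }
        return out;
    }

    // Groups: 1 = ACL name, 2 = allow/deny, 3 = permission list, 4 = bind rule.
    static final Pattern ACI = Pattern.compile(
        "acl\\s+\"([^\"]*)\"\\s*;\\s*(allow|deny)\\s*\\(([^)]*)\\)\\s*(.*?)\\s*;\\s*\\)\\s*$");
    // Groups: 1 = operator ("=" or "!="), 2 = attribute list.
    static final Pattern TARGETATTR =
        Pattern.compile("\\(targetattr\\s*(!?=)\\s*\"([^\"]*)\"\\)");

    public static void main(String[] args) {
        for (String aci : aciValues(LDIF)) {
            Matcher m = ACI.matcher(aci);
            if (!m.find()) { System.out.println("UNPARSED: " + aci); continue; }
            Matcher t = TARGETATTR.matcher(aci);
            String attrs = t.find() ? t.group(1) + " " + t.group(2) : "(none)";
            String bind = m.group(4);
            System.out.printf("%s%n  %s(%s) targetattr %s%n  bind rule: %s%n",
                m.group(1), m.group(2), m.group(3), attrs, bind);
            // Review point: a bind rule naming ldap:///anyone covers unauthenticated clients.
            if (bind.contains("ldap:///anyone"))
                System.out.println("  REVIEW: applies to anonymous (unauthenticated) clients");
        }
    }
}
```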
