[389-users] Re: acis in 99user.ldif and target on subtree

Mark Reynolds Thu, 23 May 2019 10:26:56 -0700


On 5/23/19 12:38 PM, Angel Bosch Mora wrote:

Hi!


two more questions:

1- when migrating should I take care about ACIs in 99user.ldif? rightnow there 
are four entries:

aci: (target="ldap:///cn=schema";)(targetattr !="aci")(version 3.0;acl "anonymous, no 
acis"; allow (read, search, compare) userdn = "ldap:///anyone";;)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) 
groupdn="ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) 
userdn="ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot";;)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = 
"ldap:///cn=slapd-hhh-ng,cn=389 Directory Server,cn=Server 
Group,cn=xx.yy.net,ou=xx.net,o=NetscapeRoot";)
modifiersname: cn=directory manager
modifytimestamp: 20101105155413Z

but I never did those.

These are default aci's that are mainly used for the 389-console (theo=NetscapeRoot aci's). If you are using the console then I would keepthem.



2- is it mandatory to specify target when setting an ACI in a subtree?

No. If there is no target defined in the aci then the target becomesthe entry the aci was added to.


HTH,

Mark





best regards,

abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol 
fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i 
pot contenir informacio confidencial. En cap cas no heu de copiar aquest 
missatge ni lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no 
sou la persona destinataria que s'hi indica (o la responsable de lliurar-l'hi) 
us demanam que ho notifiqueu immediatament a l'adreca electronica de la persona 
remitent.
-- Abans d'imprimir aquest missatge, pensau si es realment necessari.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

[389-users] Re: acis in 99user.ldif and target on subtree

Reply via email to