Setting Up an Access Control List

An entry may have no ACIs, one ACI, or many ACIs. ACIs allow or deny permissions to entries. When the directory server processes an incoming request for that entry, the server uses the ACIs for the entry to determine whether or not the LDAP client has permission to perform the requested operation.

An ACI on an entry affects all the entries in the directory tree that are beneath that entry. For example, an ACI on the o=airius.com entry in the sample directory provided on the CD-ROM that accompanies this book affects all entries under that entry, including ou=Groups, o=airius.com and uid=bjensen, ou=People, o=airius.com.
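The subtree scope described above, as an added example that is not code from the book: it lists which ACIs are in scope for a target entry by comparing parsed DNs rather than raw strings, and does not model how allow and deny are resolved. The class name, the `applicable` helper, and the ACI labels are hypothetical; the DNs come from the sample directory named above, plus one constructed look-alike.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AciScope {
    // Constructed sample: DN of the entry holding an ACI -> hypothetical label.
    static final Map<String, String> ACIS = new LinkedHashMap<>();
    static {
        ACIS.put("o=airius.com", "aci-on-suffix");
        ACIS.put("ou=People, o=airius.com", "aci-on-people");
        ACIS.put("ou=Groups, o=airius.com", "aci-on-groups");
    }

    /** Labels of the ACIs held by the target entry or by any of its ancestors. */
    static List<String> applicable(String targetDn) throws InvalidNameException {
        LdapName target = new LdapName(targetDn);
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, String> e : ACIS.entrySet()) {
            LdapName holder = new LdapName(e.getKey());
            // LdapName numbers RDNs from the right, so startsWith() is true when
            // holder is the target itself or lies above it in the tree. RDNs are
            // compared case-insensitively and without regard to spacing.
            if (target.startsWith(holder)) {
                hits.add(e.getValue());
            }
        }
        return hits;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Entry under ou=People: the suffix ACI and the People ACI are in scope.
        System.out.println(applicable("uid=bjensen, ou=People, o=airius.com"));
        // Same entry written with different case and spacing.
        System.out.println(applicable("UID=bjensen,OU=People,O=Airius.com"));
        // The Groups container: the suffix ACI and its own ACI are in scope.
        System.out.println(applicable("ou=Groups, o=airius.com"));
        // Constructed look-alike suffix: a plain string endsWith("airius.com")
        // test would wrongly match it; RDN-by-RDN comparison does not.
        System.out.println(applicable("ou=People, o=notairius.com"));
    }
}
```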

If one ACI allows access to an entry and another ACI denies access, the ACI that denies access ...
