PingDirectory

Searching for an access control instruction

Steps

  • To search the dc=example,dc=com base distinguished name (DN) entry, run the ldapsearch tool.

    The filter "(aci=*)" matches every entry under the base DN that has an aci attribute, and listing aci as the requested attribute returns only that attribute rather than the whole entry. Run the search as a bind DN that has the privileges required to view an access control instruction (ACI), such as cn=Directory Manager.

    Example:

    $ bin/ldapsearch --baseDN dc=example,dc=com "(aci=*)" aci

    Result:

    The system displays the following ACI information.

    dn: dc=example,dc=com
    aci: (targetattr!="userPassword")
      (version 3.0; acl "Allow anonymous read access for anyone";
        allow (read,search,compare) userdn="ldap:///anyone";)
    aci: (targetattr="*")
      (version 3.0; acl "Allow users to update their own entries";
        allow (write) userdn="ldap:///self";)
    aci: (targetattr="*")
      (version 3.0; acl "Grant full access for the admin user";
        allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)