Page created: 24 Jul 2019
|
Page updated: 6 Nov 2019
| 1 min read
7.3 Product PingDirectory
-
Use ldapsearch to search the
dc=example,dc=com base DN entry. The filter
"(aci=*)"
matches allaci
attributes under the base DN, and theaci
attribute is specified so that only it is returned. Thecn=Directory Manager
bind DN has the privileges to view an ACI.$ bin/ldapsearch --baseDN dc=example,dc=com "(aci=*)" aci
dn: dc=example,dc=com aci: (targetattr!="userPassword") (version 3.0; acl "Allow anonymous read access for anyone"; allow (read,search,compare) userdn="ldap:///anyone";) aci: (targetattr="*") (version 3.0; acl "Allow users to update their own entries"; allow (write) userdn="ldap:///self";) aci: (targetattr="*") (version 3.0; acl "Grant full access for the admin user"; allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)