Page created: 24 Jul 2019 | Page updated: 6 Nov 2019
The extop keyword indicates whether a given extended request operation can be used. Multiple OIDs can be provided by separating them with two pipe characters (||), optionally surrounded by spaces. Wildcards are not allowed when specifying extended request OIDs.
The following ACI allows the user uid=user-mgr to use the Password Modify Request (OID 1.3.6.1.4.1.4203.1.11.1) and StartTLS (OID 1.3.6.1.4.1.1466.20037) extended requests.
aci:(extop="1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037") (version 3.0; acl "Allows the mgr to use the Password Modify Request and StartTLS"; allow(read) userdn="ldap:///uid=user-mgr,ou=people,dc=example,dc=com";)
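The extop rules described above (OIDs separated by ||, optional surrounding spaces, no wildcards) can be checked mechanically when reviewing ACIs. The following Python is an added example, not code from the original page or from the directory server; the names parse_extop, audit_extop and REVIEWED_EXTOPS are assumptions made for illustration.

```python
import re

# Names for the two OIDs used in the page's example; extend per deployment.
REVIEWED_EXTOPS = {
    "1.3.6.1.4.1.4203.1.11.1": "Password Modify Request",
    "1.3.6.1.4.1.1466.20037": "StartTLS",
}
# The page's example ACI, with the acl description quote closed.
PAGE_ACI = ('aci:(extop="1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037") '
            '(version 3.0; acl "Allows the mgr to use the Password Modify '
            'Request and StartTLS"; allow(read) '
            'userdn="ldap:///uid=user-mgr,ou=people,dc=example,dc=com";)')

# Hypothetical helper patterns: the extop target and a dotted-decimal OID.
EXTOP_RE = re.compile(r'\(\s*extop\s*=\s*"([^"]*)"\s*\)')
OID_RE = re.compile(r'[0-2](\.(0|[1-9]\d*))+')


def parse_extop(aci):
    """Return the list of OIDs in the ACI's extop target, in order.

    Raises ValueError when the target is absent, uses a wildcard,
    or contains something that is not a dotted-decimal OID.
    """
    match = EXTOP_RE.search(aci)
    if match is None:
        raise ValueError("no extop target found")
    oids = [part.strip() for part in match.group(1).split("||")]
    for oid in oids:
        if "*" in oid:
            raise ValueError(f"wildcard not allowed in extop: {oid!r}")
        if not OID_RE.fullmatch(oid):
            raise ValueError(f"not a valid OID: {oid!r}")
    return oids


def audit_extop(aci):
    """Map each granted OID to its reviewed name, or 'UNREVIEWED'."""
    return {oid: REVIEWED_EXTOPS.get(oid, "UNREVIEWED") for oid in parse_extop(aci)}


if __name__ == "__main__":
    for oid, name in audit_extop(PAGE_ACI).items():
        print(f"{oid}  {name}")
```

An OID reported as UNREVIEWED is not necessarily wrong; it marks an extended operation that has not yet been added to the reviewer's own table.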