Page created: 6 Nov 2019
|
Page updated: 25 Mar 2020
The following ACI can be used to allow an employee's manager to edit the value of the
employee's telephoneNumber
attribute. This ACI uses the userattr
keyword with a bind type of USERDN
, which indicates that the target
entry’s manager attribute must have a value equal to the DN of the authenticated user:
aci: (targetattr="telephoneNumber") (version 3.0; acl "A manager can update telephone numbers of her direct reports"; allow (read,search,compare,write) userattr="manager#USERDN";)