Page created: 4 Feb 2020
|
Page updated: 22 Jul 2020
The following ACI can be used to allow an employee's manager to edit the value of the
employee's telephoneNumber
attribute. This ACI uses the userattr
keyword with a bind type of USERDN
, which indicates that the target
entry’s manager attribute must have a value equal to the DN of the authenticated user:
aci: (targetattr="telephoneNumber") (version 3.0; acl "A manager can update telephone numbers of her direct reports"; allow (read,search,compare,write) userattr="manager#USERDN";)