Page created: 22 Jul 2020 | Page updated: 12 Dec 2022
The following ACIs can be used to grant any member of the "cn=admins,ou=groups,dc=example,dc=com" group permission to add, modify and delete entries, reset passwords, and read operational attributes such as isMemberOf and password policy state:
aci: (targetattr="+")(version 3.0; acl "Administrators can read, search or compare operational attributes"; allow (read,search,compare) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "Administrators can add, modify and delete entries"; allow (all) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
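An added example (not part of the original page, and not any directory server's own tooling): a small Python audit helper that parses the two ACI values above and reports which grants are broad, so they can be reviewed alongside the membership of the admins group. The function names and finding texts are this example's own; it assumes `*` selects all user attributes and `+` all operational attributes, as the page uses them, and it handles only the single-permission ACI form shown here.

```python
import re

# The two ACI values from the page above.
PAGE_ACIS = [
    '(targetattr="+")(version 3.0; acl "Administrators can read, search or compare operational attributes"; allow (read,search,compare) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)',
    '(targetattr="*")(version 3.0; acl "Administrators can add, modify and delete entries"; allow (all) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)',
]

# (target)(target)...(version 3.0; acl "name"; allow|deny (rights) bind-rule;)
ACI_RE = re.compile(
    r'^\s*(?P<targets>(?:\(\s*\w+\s*!?=\s*"[^"]*"\s*\)\s*)*)'
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<perm>allow|deny)\s*\(\s*(?P<rights>[^)]*)\)\s*'
    r'(?P<bind>.+?)\s*;\s*\)\s*$', re.S)
TARGET_RE = re.compile(r'\(\s*(\w+)\s*(!?=)\s*"([^"]*)"\s*\)')

def parse_aci(value):
    """Split one ACI value into name, targets, permission, rights and bind rule."""
    m = ACI_RE.match(value)
    if not m:
        raise ValueError("unrecognised ACI: %r" % value)
    targets = {k.lower(): (op, v)
               for k, op, v in TARGET_RE.findall(m.group("targets"))}
    rights = [r.strip().lower() for r in m.group("rights").split(",") if r.strip()]
    return {"name": m.group("name"), "targets": targets,
            "permission": m.group("perm"), "rights": rights,
            "bind_rule": m.group("bind")}

def audit(aci):
    """Return review findings for an 'allow' ACI whose scope is broad."""
    findings = []
    if aci["permission"] != "allow":
        return findings
    op, attrs = aci["targets"].get("targetattr", ("=", ""))
    attr_set = {a.strip() for a in attrs.split("||")}
    if op == "=" and "*" in attr_set and "all" in aci["rights"]:
        findings.append("full rights on all user attributes")
    if op == "=" and "+" in attr_set:
        findings.append("exposes all operational attributes")
    if re.search(r'userdn\s*=\s*"ldap:///(anyone|all)"', aci["bind_rule"], re.I):
        findings.append("subject is anyone/all, not a named group")
    return findings

if __name__ == "__main__":
    for value in PAGE_ACIS:
        aci = parse_aci(value)
        print(aci["name"], "->", aci["bind_rule"], audit(aci))
```

Both ACIs on the page produce a finding, which is expected for an administrator grant: the effective exposure is whatever the admins group membership is.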