- To search the dc=example,dc=com base distinguished name (DN) entry, run the ldapsearch tool.
Note: The filter "(aci=*)" matches all aci attributes under the base DN, and the aci attribute is specified so that only it is returned. The cn=Directory Manager bind DN has the privileges to view an access control instruction (ACI).

$ bin/ldapsearch --baseDN dc=example,dc=com "(aci=*)" aci
The system displays the following ACI information.
dn: dc=example,dc=com
aci: (targetattr!="userPassword") (version 3.0; acl "Allow anonymous read access for anyone"; allow (read,search,compare) userdn="ldap:///anyone";)
aci: (targetattr="*") (version 3.0; acl "Allow users to update their own entries"; allow (write) userdn="ldap:///self";)
aci: (targetattr="*") (version 3.0; acl "Grant full access for the admin user"; allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)
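When reviewing this output across many entries, it helps to break each ACI into its target, permissions and bind rule. The following Python sketch is an added example, not part of the product or its documentation. It parses only the targetattr-only ACI shape shown above, and the function names and review tags are assumptions chosen for illustration.

```python
import re

# Constructed input: the ldapsearch output shown above, with one value folded
# the way LDIF wraps long lines (continuation lines start with one space).
SAMPLE = '''dn: dc=example,dc=com
aci: (targetattr!="userPassword") (version 3.0; acl "Allow anonymous read acc
 ess for anyone"; allow (read,search,compare) userdn="ldap:///anyone";)
aci: (targetattr="*") (version 3.0; acl "Allow users to update their own entries"; allow (write) userdn="ldap:///self";)
aci: (targetattr="*") (version 3.0; acl "Grant full access for the admin user"; allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)
'''

# Assumption: one targetattr clause and one allow/deny clause, as on this page.
ACI_RE = re.compile(
    r'\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl "(?P<name>[^"]*)";\s*'
    r'(?P<kind>allow|deny)\s*\((?P<perms>[^)]*)\)\s*'
    r'(?P<rule>.*?);\)\s*$')

def parse_acis(ldif):
    """Return one dict per aci value, tagged with the DN of the entry holding it."""
    ldif = ldif.replace("\n ", "")  # undo LDIF line folding
    dn, out = None, []
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("aci:"):
            value = line[4:].strip()
            m = ACI_RE.match(value)
            if not m:  # fail loudly: a skipped ACI would hide it from review
                raise ValueError(f"unrecognised ACI under {dn}: {value}")
            aci = m.groupdict()
            aci["dn"] = dn
            aci["perms"] = {p.strip() for p in aci["perms"].split(",")}
            out.append(aci)
    return out

def review(aci):
    """Tag properties a reviewer usually wants to look at (hypothetical tags)."""
    notes = []
    if "ldap:///anyone" in aci["rule"]:
        notes.append("subject-anyone")      # applies without authentication
    if aci["op"] == "!=":
        notes.append("negated-targetattr")  # covers every attribute not listed
    if aci["attrs"] == "*" and aci["kind"] == "allow" and aci["perms"] & {"write", "all"}:
        notes.append("wildcard-write")      # write access to all targeted attributes
    return notes

if __name__ == "__main__":
    for aci in parse_acis(SAMPLE):
        print(aci["dn"], "|", aci["name"], "|", review(aci))
```

The tags are prompts for a human review, not findings: whether a given ACI is acceptable depends on the deployment's policy.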