Anonymous and authenticated access - PingDirectory - PingDirectoryProxy

Anonymous and authenticated access - PingDirectory - PingDirectoryProxy - 9.0

PingDirectory

bundle

pingdirectory-90

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 9.0

category

Product

pd-90

pingdirectory

ContentType_ce

The following ACIs allow anonymous read, search, and compare on select attributes of inetOrgPerson entries while authenticated users can access several more. An authenticated user inherits the privileges of the anonymous ACI and can also change userPassword.

aci: (targetattr="objectclass || uid || cn || mail || sn || givenName")(targetfilter="(objectClass=inetorgperson)")
(version 3.0; acl "Anyone can access names and email addresses of entries representing people";
allow (read,search,compare) userdn="ldap:///anyone";)
aci: (targetattr="departmentNumber || manager || isMemberOf")(targetfilter="(objectClass=inetorgperson)")
(version 3.0; acl "Authenticated users can access these fields for entries representing people";
allow (read,search,compare) userdn="ldap:///all";)
aci: (targetattr="userPassword")(version 3.0; acl "Authenticated users can change password";
allow (write) userdn="ldap:///all";)

To prevent anonymous access to the Directory Server, set the global configuration property reject-unauthenticated-requests to true.