To create a new ACI,
do the following:
1. Login to Netscape Console using the Administrative login.
If you followed the suggestions in
the Installation
module, the login and password should both be admin.
2. On the Directory Server Console, select the Directory
tab.
3. Right-click the entry in the navigation tree for which you
want to set access control, and select
Set Access Permissions from the pop-up
menu.
4. Click New. The Set Access Permissions
dialog box appears.
The table on the Set Access Permissions dialog box lists the
access control rules (ACRs) defined for this ACI. By default, the
first ACR denies access to everyone with the exception of the root DN
(Directory Manager).
5. Click ACI Attributes. The Select Attributes dialog
appears.
6. If you want to change the name of the ACI, type the new name
in the ACI Name text box. The
name can be any string you want to use to uniquely
identify the ACI. The name is optional. If
you do not enter a name, the server uses "unknown".
7. The Target text box contains the DN
of the entry you selected in the Directory navigation tree.
You may enter a new target if you want.
Remember, the ACI you define applies to the target
entry and all subentries in the directory tree.
If you use the suffix, for example, o=airius.com
as the target, the ACI applies
to the entire directory
tree.
The target must be a valid DN.
You can use the default "is" to set a target that is equal to the DN you
enter or select "is not" to set a target that is not equal to the DN you
enter. If the DN you target contains a comma as part of its value,
you must escape the comma with a single backslash (\).
8. You may enter a search filter in the Target Filter text box.
You can use the default "is" to set a
target filter that is equal to the value
you enter or select "is not" to set a target filter that is not
equal to the value you enter.
9. You may enter an attribute to target in the Target Attribute
text box. By default, all attributes (*)
are targeted. You can use the default
"is" to set a target attribute that is equal to the value you
enter or select "is not" to set a target
attribute that is not equal to the value you enter. If you
want to enter more than one attribute, separate
the attributes with a double-pipe "||". Click OK
to return to the Set Access Permissions
dialog box.
10. You can check or modify the LDIF
syntax of the ACI by clicking View/Edit Syntax. This
displays the
Edit ACI Syntax
dialog box. Click OK to return to the Set Access Permissions
dialog box.
11. To edit an ACR in the table, double-click the cell to display
a dialog box for entering additional
information.
To edit an existing ACI,
do the following:
1. Login to Netscape Console using the Administrative login.
If you followed the suggestions in
the Installation
module, the login and password should both be admin.
2. On the Directory Server Console, select the Directory
tab.
3. Right-click the entry in the navigation tree for which you
want to edit access control, and select
Set Access Permissions from the pop-up
menu. A dialog appears prompting you to select the
ACI you want to edit. Select the ACI and click
OK. The Set Access Permissions dialog box
appears. The Set Access Permissions
dialog box contains the ACRs and other information
about the ACI.
4. Make the desired changes to the various areas of the
Set
Access Permissions dialog box.
Click OK when you have finished editing the ACI.
To delete an ACI or ACR, do the following:
1. Login to Netscape Console using the Administrative login.
If you followed the suggestions in
the Installation
module, the login and password should both be admin.
2. On the Directory Server Console, select the Directory
tab.
3. Right-click the entry in the navigation tree from which you
want to remove the ACI, and select
Set Access Permissions from the pop-up
menu. A dialog appears prompting you to select an
ACI.
If you want to delete an entire ACI, select the ACI you want to delete
and click Delete. You are done. If you only want to remove an ACR
from the ACI:
-
Select the ACI in the list and click OK. The Set Access Permissions
dialog box appears.
-
Select the ACR in the table and click Delete Rule and then click OK.
The ACR is deleted immediately.
There is no undo.