E.3 How Much?
OpenLDAP supports two modes of defining access. The general form of the access specifier clause is:

[self]{level|priv}

The special modifier self implies special access to self-owned attributes such as the member attribute in a group.

While the access level model implements incremental access (higher access includes lower access levels), the privilege model requires that an administrator explicitly define access for each permission using the =, +, and - operators to reset, add, and remove permissions, respectively (see Table E-3).

| Access level | Privilege | Permission granted |
|---|---|---|
| write | w | Access to update attribute values (e.g., change this telephoneNumber to 555-2345). |
| read | r | Access to read search results (e.g., Show me all the entries with a telephoneNumber of 555*). |
| search | s | Access to apply search filters (e.g., Are there any entries with a telephoneNumber of 555*?). |
| compare | c | Access to compare attributes (e.g., Is your telephoneNumber 555-1234?). |
| auth | x | Access to bind (authenticate). This requires that the client send a username in the form of a DN and some type of credentials to prove his or her identity. |
| none | | No access. |
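
The difference between the two models in Table E-3, shown as an added example that is not from the book or from OpenLDAP itself: a small Python model of how one access specifier changes the privileges held so far. The names `apply_access` and `current` are assumptions made for illustration, and only the levels and privilege letters listed in Table E-3 are modeled.

```python
import re

# Access levels from Table E-3, lowest to highest. A level grants its own
# privilege plus that of every lower level (the incremental model).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
PRIV_OF_LEVEL = {"auth": "x", "compare": "c", "search": "s",
                 "read": "r", "write": "w"}

# [self]{level|priv}: optional "self", then a level name or an operator
# followed by one or more privilege letters.
SPEC = re.compile(
    r"^(self)?(?:(none|auth|compare|search|read|write)|([=+-])([wrscx]+))$")


def apply_access(spec, current=frozenset()):
    """Apply one access specifier to the privileges granted so far.

    Hypothetical helper. Returns (self_only, privileges), where privileges
    is a frozenset of the letters w, r, s, c, x.
    """
    m = SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"not a valid access specifier: {spec!r}")
    self_only, level, op, letters = m.groups()
    if level is not None:
        # Level form: everything up to and including the named level.
        top = LEVELS.index(level)
        granted = {PRIV_OF_LEVEL[name] for name in LEVELS[1:top + 1]}
    elif op == "=":
        granted = set(letters)                  # reset to exactly these
    elif op == "+":
        granted = set(current) | set(letters)   # add to what is held
    else:
        granted = set(current) - set(letters)   # remove from what is held
    return bool(self_only), frozenset(granted)


if __name__ == "__main__":
    # Constructed sample specifiers, applied in order to one privilege set.
    held = frozenset()
    for spec in ["read", "+w", "-w", "=rs", "selfwrite"]:
        self_only, held = apply_access(spec, held)
        print(f"{spec:10} self={self_only!s:5} -> {''.join(sorted(held))}")
```

Note that `=rs` leaves the client without compare or auth privileges, whereas the level `read` would have included both.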
keywords stop, continue, and
break (see Table E-4).
| Keyword | Meaning |
|---|---|
| break | Allows other access clauses to be processed |
| continue | Allows additional "who" clauses within the current access rule to be processed |
| stop | Stops access check upon a match (default) |
LDAP System Administration
By Gerald Carter
Publisher: O'Reilly
Pub Date: March 2003
ISBN: 1-56592-491-6
Pages: 308
If you want to be a master of your domain, LDAP System Administration will help you get up and running quickly regardless of which LDAP version you use. After reading this book, even with no previous LDAP experience, you'll be able to integrate a directory server into essential network services such as mail, DNS, HTTP, and SMB/CIFS.