
In my case, I want to create a new administration user who has full privileges, such as add/modify/delete entities and properties, in a certain DN (and maybe its sub). According to the document, in the table of "Directory Data Administration", it seems that I can create one who can "Access to read and write to others' entries", but I don't know how to. Could anyone help, please?

Tonny Tc

1 Answer


I found that the solution is related to ACI. Thus, I can create a new admin entity in a subtree of cn=config, and then add some ACI properties to the certain DN which I want to limit the admin to. It seems to work in my case.

Tonny Tc
  • OpenDJ has ACI (Access Control Instructions) and Privileges. The former controls who can do what with the data over the LDAP operations. The latter are more for administrative controls such as who is allowed to modify ACI, grant privileges, run a backup... – Ludovic Poitou Jul 05 '19 at 06:38
  • Thanks a lot for your reply. It seems that the ACI is used for controlling entities in the OpenDJ server and the privilege is used for controlling the OpenDJ server itself. – Tonny Tc Jul 08 '19 at 04:23
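
An ACI of the kind the answer describes, as an added example that is not part of the original posts: an LDIF change that grants one admin entry full data access on a single subtree. The suffix `dc=example,dc=com`, the target `ou=People` and the admin DN `cn=Subtree Admin,cn=config` are placeholders assumed for illustration.

```ldif
# Constructed example; every DN here is a placeholder.
#
# The ACI is stored on the target entry. With no targetscope keyword it
# applies to that entry and everything beneath it, which is what confines
# the admin to this one subtree.
#
# allow (all) covers read, search, compare, write, add, delete and
# selfwrite, but not proxy. targetattr="*" matches user attributes only,
# so operational attributes such as aci itself stay out of the admin's reach.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "Subtree admin for ou=People"; allow (all) userdn="ldap:///cn=Subtree Admin,cn=config";)
```

Apply it with `ldapmodify` while bound as an account that holds the `modify-acl` privilege. The admin entry itself needs no extra privileges for plain data administration, which matches the ACI/privilege split described in the comments.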