Directory Services 7.4.2

DSEE Compatible Access Control Handler

The DSEE Compatible Access Control Handler provides an implementation that uses syntax compatible with the Sun Java System Directory Server Enterprise Edition access control handlers.

Parent

The DSEE Compatible Access Control Handler object inherits from Access Control Handler.

DSEE Compatible Access Control Handler properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
global-aci

java-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Access Control Handler is enabled. If set to FALSE, then any client (including unauthenticated or anonymous clients) is allowed to bind to the server and any connection with the "bypass-acl" privilege is allowed to perform any operation.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

global-aci

Synopsis

Defines global access control rules.

Description

Global access control rules apply to all entries anywhere in the data managed by the OpenDJ directory server. The global access control rules may be overridden by more specific access control rules placed in the data.

Default value

No global access control rules are defined, which means that no access is allowed for any data in the server unless specifically granted by access control rules in the data.

Allowed values

An access control instruction (ACI).

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the DSEE Compatible Access Control Handler implementation.

Default value

org.opends.server.authorization.dseecompat.AciHandler

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.AccessControlHandler

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.