4.2 - Authorization

ApacheDS uses an adaptation of the X.500 basic access control scheme in combination with X.500 subentries to control access to entries and attributes within the DIT. This document will show you how to enable the basic access control mechanism and how to define access control information to manage access to protected resources.

Chapter content

• 4.2.1 - Introduction
• 4.2.2 - Definitions
• 4.2.3 - Enabling access control
• 4.2.4 - Aci Types
• 4.2.5 - Aci Elements
• 4.2.6 - The Acdf Engine
• 4.2.7 - Using Acis Trail
• 4.2.8 - Acis Administration
• 4.2.9 - Migration from other Ldap Servers
• 4.2.10 - Aci Grammar
• 4.2.11 - Links and References

Some Simple Examples

The ACIItem syntax is very expressive and that makes it extremely powerful for specifying complex access control policies. However the syntax is not very easy to grasp for beginners. For this reason we start with simple examples that focus on different protection mechanisms offered by the ACIItem syntax. We do this instead of specifying the grammar which is not the best way to learn a language.

Before going on to these trails you might want to set up an Administrative Area for managing access control via prescriptiveACI. Both subentryACI and prescriptiveACI require the presence of an Administrative Point entry. For more information and code examples see ACAreas.

ACI Trails

Here are some trails that resemble simple HOWTO guides. They’re ordered with the most pragmatic usage first. We will add to these trails over time.