| Title: | X.500 Directory Services |
| Notice: | Sprt: FORTY2::X500_SUPPORT, Kits: 216.*, try dir/titl=OFFICIAL |
| Moderator: | FORTY2::PULLEN |
| Created: | Tue Jan 30 1990 |
| Last Modified: | Thu Jun 05 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1016 |
| Total number of notes: | 4299 |
Hi,
received the following question according an update of 1993 X.500
standard:
Is there a plan that our X.500 will allow to specify an ACE (ACI)
on a certain tree-attribute. (e.g. from this tree-attribute all
DNs down) This would allow setting an ACI only one time.
Hopefully you do understand what I mean, it'S hard to explain.
Cheers
Charly
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 994.1 | a-105.tunnel.crl.dec.com::FORTY2::PALKA | Andrew Palka Altavista Directory | Wed Apr 09 1997 11:00 | 21 | |
It is possible to make access control apply to a subtree of the DIT.
The documented way is to make the top of the subtree be a naming
context and create an access control subentry underneath it. The
access control specified in this subentry will apply to that naming
context.
An alternate way (not documented, but should work) is to make the
top of the subtree be an administrative point by adding the
administrative role attribute. You can use a value of
accessControlSpecificArea = {2 5 23 2} (in which case no access
control is inherited from higher points in the tree), or you can
use the value accessControlInnerArea = {2 5 23 3} (in which case
access control is inherited from higher points in the tree).
You can then add access control subentries beneath the administrative
point, which affect the subtree starting at the administrative point.
You can see how this works by reading X.501.
I hope this answers your question. I was not sure what you meant
by a tree-attribute.
Andrew
| |||||
| 994.2 | Marvellous! | ATZIS2::EHRLICH_K | Never met a Lady like her before! | Wed Apr 09 1997 12:52 | 8 |
Hi Andrew,
yes, your description/explanation is exactly what I was looking
for.
Thank you very much!
Cheers
Charly
| |||||