Overview

ACL (eDirectory Attribute) is an AttributeTypes that represents an Access Control List within eDirectory.
Details of the ACL (eDirectory Attribute) are defined on the syntax Object ACL.
X-NDS_ACL_TEMPLATES, when set, defines default values for ACL (eDirectory Attribute).
Marking an ACL as Read Filtered

The arf_acl.ldif can be used by an administrator to mark the ACL (eDirectory Attribute) as a read filtered attribute. When the ACL (eDirectory Attribute) is marked as a read filtered attribute, the server does not return the attribute on the entry if all attributes are requested. However, if the LDAP search is done to return operational attributes, or if the request specifically asks for ACL (eDirectory Attribute), the marked attribute is returned. rrf_acl.ldif can be used to turn off the read filtered flag on an ACL attribute. These LDIFs affect the ACL attribute on the schema, so only a user with Supervisor rights on tree root can extend them.
By default, an ACL is not marked as read filtered, so the performance benefit for requests to return all attributes is not seen.
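A consequence for access reviews: a tool that requests all attributes will see no ACL values on a tree where the flag is set, so it must name ACL explicitly. The following added example (not from the original page or from NetIQ) infers the flag state by comparing two captured search results for the same entry; the helper names, the sample DN and the placeholder ACL values are constructed for illustration.

```python
# Added example: infer whether ACL is read filtered from two LDIF search results.
# Assumption: both searches ran as the same bind identity against the same entry.

def attr_names(ldif_entry):
    """Lower-cased attribute names present in one LDIF entry."""
    names = set()
    for line in ldif_entry.splitlines():
        # Skip blanks, comments and folded continuation lines (leading space).
        if not line or line[0] in "# " or ":" not in line:
            continue
        # "ACL: v", "ACL:: b64" and "ACL;option: v" all name the attribute ACL.
        names.add(line.split(":", 1)[0].split(";", 1)[0].lower())
    return names - {"dn", "version"}


def acl_read_filter_state(all_attrs_ldif, explicit_acl_ldif):
    """Compare a search for all attributes with one that names ACL explicitly."""
    if "acl" not in attr_names(explicit_acl_ldif):
        # No ACL even when named: the entry has none, or the bind identity
        # cannot read it, so the flag cannot be inferred from this entry.
        return "inconclusive"
    if "acl" in attr_names(all_attrs_ldif):
        return "not read filtered"
    return "read filtered"


# Constructed results for one entry; the ACL values are placeholders.
ALL_ATTRS_FILTERED = """\
dn: cn=svc,ou=apps,o=example
objectClass: Person
cn: svc
sn: svc
"""
ALL_ATTRS_DEFAULT = ALL_ATTRS_FILTERED + "ACL: <placeholder ACL value>\n"
EXPLICIT_ACL = """\
dn: cn=svc,ou=apps,o=example
ACL: <placeholder ACL value>
"""
EXPLICIT_EMPTY = "dn: cn=svc,ou=apps,o=example\n"

if __name__ == "__main__":
    print(acl_read_filter_state(ALL_ATTRS_FILTERED, EXPLICIT_ACL))
    print(acl_read_filter_state(ALL_ATTRS_DEFAULT, EXPLICIT_ACL))
    print(acl_read_filter_state(ALL_ATTRS_FILTERED, EXPLICIT_EMPTY))
```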
Attribute Definition

The ACL (eDirectory Attribute) AttributeTypes is defined as:
- OID of 2.16.840.1.113719.1.1.4.1.2
- NAME: ACL (eDirectory Attribute)
- DESC: Contains access control information for the object and its attributes.
- SYNTAX: 2.16.840.1.113719.1.1.5.1.17 (Object ACL)