12.6. Viewing ACIs

All the ACIs under a single suffix in the directory can be viewed from the command line by using the following ldapsearch command: [7]
/usr/lib64/mozldap/ldapsearch -h host -p port -b baseDN -D rootDN -w rootPassword "(aci=*)" aci
See Chapter 8, Finding Directory Entries for information on using the ldapsearch utility.
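An added example, not part of the original guide: a Python helper that takes the LDIF text printed by the ldapsearch command above, unfolds wrapped lines, decodes base64 (aci::) values, and lists each ACI by entry, flagging allow rules bound to ldap:///anyone. The sample output and the names parse_acis and review are constructed for illustration, and the code assumes the standard Directory Server ACI syntax.

```python
import base64
import re

def parse_acis(ldif_text):
    """Map each entry DN to its list of aci values from ldapsearch LDIF output."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF fold: drop one space, then join
        else:
            lines.append(raw)
    acis, dn = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue                      # blank separator between entries
        if value.startswith(":"):         # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
            acis[dn] = []
        elif name.lower() == "aci" and dn is not None:
            acis[dn].append(value)
    return acis

def review(ldif_text):
    """Return (dn, acl name, allow/deny, rights, allows_anyone) for every ACI."""
    rows = []
    for dn, values in parse_acis(ldif_text).items():
        for aci in values:
            name = re.search(r'acl\s+"([^"]*)"', aci)
            rest = aci[name.end():] if name else aci   # skip past the acl name
            perm = re.search(r'\b(allow|deny)\s*\(([^)]*)\)', rest)
            anyone = bool(re.search(r'userdn\s*=\s*"ldap:///anyone"', rest))
            rights = tuple(r.strip() for r in perm.group(2).split(",")) if perm else ()
            rows.append((dn, name.group(1) if name else "?",
                         perm.group(1) if perm else "?", rights,
                         anyone and bool(perm) and perm.group(1) == "allow"))
    return rows

# Constructed sample output (not from a real server): one folded, one base64 value.
_B64 = base64.b64encode(b'(targetattr = "userPassword")(version 3.0; acl "Self '
                        b'password change"; allow (write) userdn = "ldap:///self";)').decode()
SAMPLE = ('dn: dc=example,dc=com\n'
          'aci: (targetattr != "userPassword")(version 3.0; acl "Anonymous read";\n'
          '  allow (read, search, compare) userdn = "ldap:///anyone";)\n'
          '\n'
          'dn: ou=People,dc=example,dc=com\n'
          'aci:: ' + _B64 + '\n')

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```

The last field only marks an ACI for closer review; whether anonymous access is appropriate depends on the target and the rights granted.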
From the Directory Server Console, all of the ACIs that apply to a particular entry can be viewed through the Access Control Manager.
  1. Start the Directory Server Console.
  2. In the Directory tab, right-click the entry in the navigation tree, and select Set Access Permissions.
  3. Check the Show Inherited ACIs checkbox to display all ACIs created on entries above the selected entry that also apply.


[7] The LDAP tools referenced in this guide are Mozilla LDAP, installed with Directory Server in the /usr/lib64/mozldap directory on Red Hat Enterprise Linux 5 (64-bit); directories for other platforms are listed in Section 1.3, “LDAP Tool Locations”. However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL and allow simple authentication.