Show Table of Contents
13.2. Default ACIs
When the Admin Server is set up, the following default ACIs apply to the directory information stored in the
userRoot database:
- Users can modify a list of common attributes in their own entries, including the
mail,telephoneNumber,userPassword, andseeAlsoattributes. Operational and most of the security attributes, such asaci,nsroledn, andpasswordExpirationTime, cannot be modified by users. - Users have anonymous access to the directory for search, compare, and read operations.
- The administrator (by default
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot) has all rights except proxy rights. - All members of the
Configuration Administratorsgroup have all rights except proxy rights. - All members of the
Directory Administratorsgroup have all rights except proxy rights. Server Instance Entry(SIE) group.
The
NetscapeRoot subtree has its own set of default ACIs:
- All members of the
Configuration Administratorsgroup have all rights on theNetscapeRootsubtree except proxy rights. - Users have anonymous access to the
NetscapeRootsubtree for search and read operations. - All authenticated users have search, compare, and read rights to configuration attributes that identify the Admin Server.
- Group expansion.
The following sections explain how to modify these default settings.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.