Gathering Access Control Lists (ACL) Information in ITDS

There may be cases when you’re trying to write data, delete entries, or read entries on your IBM Tivoli Directory Server (ITDS) and you encounter an “Insufficient Access” error message. In many cases this is due to the access control lists (ACLs) limiting the user’s ability to perform these actions. You can check how your ACLs are set up with the following commands.

ITDS 5.2 & 6.0

ldapsearch -D cn=root -w <password> -b "BaseDN" -s base "objectclass=*" aclentry aclpropagate aclsource entryowner ownerpropagate ownersource ibm-filterAclEntry ibm-filterAclInherit ibm-effectiveAcl

default output:

o=robscomputergarage,c=us
ownersource=default
ownerpropagate=TRUE
aclsource=default
aclpropagate=TRUE
entryowner=access-id:CN=ROOT
ibm-effectiveACL=group:CN=ANYBODY:restricted:rsc:normal:rsc:system:rsc
aclentry=group:CN=ANYBODY:system:rsc:normal:rsc:restricted:rsc

ITDS 6.1 & 6.2

idsldapsearch -D cn=root -w <password> -b "BaseDN" -s base "objectclass=*" +ibmaci

default output:

o=robscomputergarage,c=us
ownerpropagate=TRUE
ownersource=default
aclpropagate=TRUE
aclsource=default
entryowner=access-id:CN=ROOT
ibm-effectiveAcl=group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
aclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
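
To read these values when chasing an “Insufficient Access” error, the following added example (not part of the original post) parses the attr=value output shown above and reports which rights an ACL value lacks. The function names are hypothetical, the sample is the 6.1/6.2 output from this page, and the r/w/s/c meanings (read, write, search, compare) are an assumption not stated on the page; any other value form is rejected rather than guessed at.

```python
# Constructed sample: the ITDS 6.1/6.2 default output shown on this page.
SAMPLE = """\
o=robscomputergarage,c=us
ownerpropagate=TRUE
ownersource=default
aclpropagate=TRUE
aclsource=default
entryowner=access-id:CN=ROOT
ibm-effectiveAcl=group:CN=ANYBODY:restricted:rsc:system:rsc:normal:rsc
aclentry=group:CN=ANYBODY:normal:rsc:system:rsc:restricted:rsc
"""

# Assumption (not stated on the page): the usual meaning of the rights letters.
RIGHTS = {"r": "read", "w": "write", "s": "search", "c": "compare"}

def parse_search_output(text):
    """Return (entry DN, {lowercased attribute: [values]}) from attr=value lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    dn, attrs = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition("=")
        attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def parse_acl(value):
    """Split 'type:DN:class:rights[:class:rights...]' into (type, DN, grants)."""
    kind, subject, *rest = value.split(":")
    if len(rest) % 2:
        raise ValueError(f"unpaired class/rights in {value!r}")
    grants = {}
    for cls, rights in zip(rest[::2], rest[1::2]):
        if set(rights) - set(RIGHTS):  # a form this sketch does not handle
            raise ValueError(f"unsupported rights {rights!r} for {cls!r}")
        grants[cls.lower()] = set(rights)
    return kind, subject, grants

def missing_rights(acl_value, attr_class, needed):
    """Rights in `needed` that the ACL value does not grant on attr_class."""
    _, _, grants = parse_acl(acl_value)
    return set(needed) - grants.get(attr_class, set())

if __name__ == "__main__":
    dn, attrs = parse_search_output(SAMPLE)
    print(dn, "aclsource=" + attrs["aclsource"][0])
    for value in attrs["aclentry"]:
        kind, subject, grants = parse_acl(value)
        for cls in sorted(grants):
            print(f"  {kind} {subject} {cls}:", [RIGHTS[r] for r in sorted(grants[cls])])
        print("  write on normal missing:", missing_rights(value, "normal", "w"))
```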