set public-user Command—Configure Anonymous User Access Level Rights

A public user is a user who is anonymous, so the set of "Public users" consists of all users who have not been authenticated.

This command grants specified access rights at the public user access level, to all users, over a specified scope.

Any access that is granted by this command applies to public users, and by extension to all users. That is, a user who is authenticated can do anything that a public user can do.

Access rights granted at this access level can be taken away by access control rules defined at the protected items access level.

Access control rules are effective only if you enable access controls. If access controls are not enabled, then public users have full permission over the whole directory.

This command has the following format:

set public-user [tag] = { 
scope
[attrs	= attribute-list]
[perms	= permission-list]
[validity	= [start hhmm end hhmm] [on day]]
};

Example: Let Anonymous Users Read Attributes in a Subtree

In the following example, all users can view the name, telephone number, and X.400 mail addresses in the Phone List subtree:

set public-user "public-attr" = {
 subtree	= <c "AU"><o "Democorp"><ou "Phone List">
 attrs	= telephoneNumber, commonName, surname, mhsORAddresses
};

Example: Give Public-User Privileges to Members of a Role

In the following example, all users in the role cell-research have read privileges on the directory R&D subtree:

set public-user "cell-research" = {
 role = <c "AU"><o "Democorp"><ou "roles"><cn "cell-research">
 subtree = <c "AU"><o "Democorp"><ou "R&D">
};
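
An added example (not CA's code and not part of the original documentation): a short Python audit that parses set public-user blocks from configuration text and flags the two conditions described above, access controls not enabled and a public grant with no attrs list. The "set access-controls = true;" line and the function names are assumptions; the command that enables access controls is not shown on this page.

```python
import re

# Constructed sample config; the two public-user rules are the page's examples.
# ASSUMPTION: "set access-controls = true;" enables access controls (not on this page).
SAMPLE = '''
set access-controls = false;
set public-user "public-attr" = {
 subtree = <c "AU"><o "Democorp"><ou "Phone List">
 attrs = telephoneNumber, commonName, surname, mhsORAddresses
};
set public-user "cell-research" = {
 role = <c "AU"><o "Democorp"><ou "roles"><cn "cell-research">
 subtree = <c "AU"><o "Democorp"><ou "R&D">
};
'''

RULE_RE = re.compile(r'set\s+public-user\s*(?:"([^"]*)")?\s*=\s*\{(.*?)\}\s*;', re.S)
ENABLE_RE = re.compile(r'^\s*set\s+access-controls\s*=\s*(\w+)\s*;', re.M | re.I)
KEY_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(.*?)\s*$')


def parse_public_user_rules(text):
    """Return one dict per 'set public-user' block: its tag plus key/value lines."""
    rules = []
    for tag, body in RULE_RE.findall(text):
        pairs = (m.groups() for m in map(KEY_RE.match, body.splitlines()) if m)
        rules.append({"tag": tag or None, **dict(pairs)})
    return rules


def audit(text):
    """Flag settings that widen what unauthenticated users can reach."""
    findings = []
    values = ENABLE_RE.findall(text)
    # The last setting wins in this sketch; a missing line counts as not enabled.
    if not values or values[-1].lower() != "true":
        findings.append("access controls not enabled: rules have no effect, "
                        "public users have full permission")
    for rule in parse_public_user_rules(text):
        if "attrs" not in rule:
            findings.append(f"rule {rule['tag']!r}: no attrs list, grant is not "
                            "limited to named attributes")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```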


Copyright © 2009 CA. All rights reserved.