[ldap-generic-acls] stanza

Edit online

The stanza entries for configuring the access controls for a generic LDAP server are in the [ldap-generic-acls] stanza of the ldap.conf configuration files.

This stanza is used only for generic LDAP servers. Verify Identity Access defines a generic LDAP server as not being one of the following LDAP servers:

Security Directory Server
Novell eDirectory Server
Sun Java™ System Directory Server
Sun ONE Directory Server

The LDAP architecture does not specify the syntax or semantics used by LDAP servers for access control. Each LDAP server vendor specifies how access control for objects is set and interpreted. Access control is set in the Directory Information Tree (DIT). Verify Identity Access attempts to set the appropriate Access Control Information (ACI) in the LDAP server when domains, users, and groups are created and attempts to remove the ACI when these objects are deleted.

For generic LDAP server support, the type of ACI to set can be configured. If the ACI type is not one that Verify Identity Access supports, a plug-in library can be provided. This plug-in library is started when domains, users, or groups are created or deleted.

If no ACI is required, comment out all the entries in this stanza.