| Title: 4.2.3 - Enabling Access Control |
| NavPrev: 4.2.2-definitions.html |
| NavPrevText: 4.2.2 - Definitions |
| NavUp: 4.2-authorization.html |
| NavUpText: 4.2 - Authorization |
| NavNext: 4.2.4-aci-types.html |
| NavNextText: 4.2.4 - Aci Types |
| Notice: Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| . |
| http://www.apache.org/licenses/LICENSE-2.0 |
| . |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| |
| # 4.2.3 - Enabling Access Control |
| |
| The Access Control Subsystem (ACI) is described in the Basic User Guide. The ACI is disabled by default and the simplest way to enable it is to [use Apache Directory Studio](apacheds/basic-ug/3.2-basic-authorization.html#enable-the-aci-subsystem). |
| |
| After the server has started, the relevant entry can be found in *config.ldif_migrated* : |
| |
| # default, config |
| dn: ads-directoryServiceId=default,ou=config |
| ads-directoryserviceid: default |
| ads-dssyncperiodmillis: 15000 |
| ads-dsallowanonymousaccess: TRUE |
| ads-dsreplicaid: 1 |
| ads-dsaccesscontrolenabled: FALSE |
| ads-dspasswordhidden: FALSE |
| ads-dsdenormalizeopattrsenabled: FALSE |
| ads-enabled: TRUE |
| objectclass: top |
| objectclass: ads-base |
| objectclass: ads-directoryService |
| |
| The following ldapmodify (by the admin user) will activate the ACI Subsystem when the server is next restarted : |
| |
| # turn on Access Control |
| dn: ads-directoryServiceId=default,ou=config |
| changetype: modify |
| replace: ads-dsaccesscontrolenabled |
| ads-dsaccesscontrolenabled: TRUE |