Summary
This article describes how to define an ACL entry for an LDAP group.
Solution
When you create an ACL entry for an LDAP group, you must provide the group's Distinguished Name (DN) from the LDAP directory for the createAclEntry principalName field.
A DN is a sequence of relative distinguished names (RDNs) connected by commas. An RDN is an attribute with an associated value in the form attribute=value, normally expressed as a UTF-8 string.
For example:
ectool createAclEntry group "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net" --systemObjectName server
The DN is "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net".
This command will create an ACL group called ec-admins on the server. The location of the LDAP directory is eflow.net/user/Groups.
RDN Attribute Types
String   X.500 AttributeType
------------------------------
CN       commonName
L        localityName
ST       stateOrProvinceName
O        organizationName
OU       organizationalUnitName
C        countryName
STREET   streetAddress
DC       domainComponent
UID      userid
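
The following is an added example, not part of the original article or of the product: a Python check that a principalName is a well-formed DN before it is passed to createAclEntry, so that an ACL entry is not created for a string that can never match an LDAP group. It goes beyond the article's example by honouring backslash-escaped commas inside a value (RFC 4514). The function names, the restriction to the attribute types in the table above, and the POSIX shell quoting are assumptions.

```python
import shlex

# Short attribute names from the RDN attribute type table on this page.
# Treating anything else as an error is an assumption of this example.
KNOWN_TYPES = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}


def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(dn):
    """Return [(TYPE, value), ...]; raise ValueError on a malformed DN."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.strip().partition("=")
        attr = attr.strip().upper()
        if not sep or not value:
            raise ValueError(f"RDN is not attribute=value: {rdn!r}")
        if attr not in KNOWN_TYPES:
            raise ValueError(f"unexpected attribute type: {attr!r}")
        rdns.append((attr, value))
    return rdns


def acl_command(dn, system_object="server"):
    """Validate dn, then build the createAclEntry command line from this page."""
    parse_dn(dn)
    argv = ["ectool", "createAclEntry", "group", dn,
            "--systemObjectName", system_object]
    # Quote every argument so spaces or backslashes in the DN survive the shell.
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    print(acl_command("CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net"))
```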