How can I use CA LDAP Server to add a ruleline in an ACF2 resource rule

Document ID : KB000045262
Last Modified Date : 14/02/2018

Question:

How can I use CA LDAP Server to create a rule line entry in a resource rule?
I know I can use LDAPMODIFY to change entities in the ACF2 database, but I have not been able to
find the correct format of the DN in the LDIF file.

The rule I would like to modify currently looks like this:

$KEY(LDAPRULE) TYPE(ABC)
AAAA.BBBB UID(uidforuser01) ALLOW SERVICE(READ)

I would like to add a rule line like this:
XXXX.YYYYY UID(uidforuser02) ALLOW SERVICE(READ,UPDATE)

 

Answer:

The LDIF file for an ldapmodify request that adds a rule line to a resource rule looks like this:

dn: acf2resruleline=xxxx.yyyyy,acf2reskey=LDAPRULE,acf2ruletype=RABC,acf2admingrp=rules,host=HOST.COMPANY.COM,o=co,c=us
changetype: add
UIDMask: uidforuser02
ResourceAccess: ALLOW
ResourceService: READ,UPDATE 

The following fields are available for the rule line request:

ACF2 Keyword    UFN Keyword

ACCESS          ResourceAccess
ACTIVE          ActiveDate
DATA            RuleLineData
FOR             TimePeriodAccessAllowed
NEXTKEY         NextRuleKey
RECCHECK        ExpressRecordValidation
ROLE            RoleRoleSet
SERVICE         ResourceService
SHIFT           AccessShift
SOURCE          InputSource
UID             UIDMask
UNTIL           ExpirationDate
USER            UserRoleSet
VERIFY          RequestPswdValidation

This will add a rule line to an existing ruleset or will create a new ruleset.
Rule lines are added one per request and the line will be placed in the
ruleset at the correct location.
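
When the LDIF is generated by a script rather than typed by hand, the rule line text should be validated before it reaches ldapmodify, so that a stray newline or comma cannot add attributes or change the target DN. The following is an added example, not CA code: it turns a rule line such as the one in the question into the LDIF shown above using the keyword table. The function names, the character allowlists, the handling of LOG and PREVENT, and keeping the resource name as typed (the DN above shows it in lowercase) are assumptions of the example.

```python
import re

# ACF2 keyword -> LDAP attribute name, copied from the table on this page.
UFN = {
    "ACCESS": "ResourceAccess", "ACTIVE": "ActiveDate", "DATA": "RuleLineData",
    "FOR": "TimePeriodAccessAllowed", "NEXTKEY": "NextRuleKey",
    "RECCHECK": "ExpressRecordValidation", "ROLE": "RoleRoleSet",
    "SERVICE": "ResourceService", "SHIFT": "AccessShift", "SOURCE": "InputSource",
    "UID": "UIDMask", "UNTIL": "ExpirationDate", "USER": "UserRoleSet",
    "VERIFY": "RequestPswdValidation",
}
# The page shows ALLOW -> ResourceAccess; treating LOG and PREVENT alike is an assumption.
ACCESS_WORDS = {"ALLOW", "LOG", "PREVENT"}
TOKEN = re.compile(r"\s*(?:([A-Za-z]+)\(([^()]*)\)|(\S+))")
# Assumed allowlists: printable-ASCII values that cannot begin with space, ':' or '<',
# and DN components limited to characters that need no DN escaping.
VALUE_OK = re.compile(r"[!-9;=-~][ -~]*")
DN_OK = re.compile(r"[A-Za-z0-9.*$@_-]+")

def parse_rule_line(line):
    """Split one ACF2 rule line into (resource_name, [(attribute, value), ...])."""
    line = line.strip()
    first = TOKEN.match(line)
    if not first or not first.group(3):
        raise ValueError("rule line must start with a resource name")
    name, attrs, pos = first.group(3), [], first.end()
    while pos < len(line):
        tok = TOKEN.match(line, pos)
        kw, val, bare = tok.group(1), tok.group(2), tok.group(3)
        pos = tok.end()
        if bare:  # only the access words are handled as bare tokens in this example
            if bare.upper() not in ACCESS_WORDS:
                raise ValueError(f"unsupported token: {bare!r}")
            kw, val = "ACCESS", bare.upper()
        if kw.upper() not in UFN or not VALUE_OK.fullmatch(val):
            raise ValueError(f"rejected keyword or value: {kw}({val!r})")
        attrs.append((UFN[kw.upper()], val))
    return name, attrs

def build_ldif(line, reskey, ruletype, suffix):
    """Return the LDIF add request for one rule line; suffix is trusted site config."""
    name, attrs = parse_rule_line(line)
    for part in (name, reskey, ruletype):
        if not DN_OK.fullmatch(part):
            raise ValueError(f"unsafe DN component: {part!r}")
    dn = f"acf2resruleline={name},acf2reskey={reskey},acf2ruletype={ruletype},{suffix}"
    return "\n".join([f"dn: {dn}", "changetype: add"] + [f"{a}: {v}" for a, v in attrs]) + "\n"
```

Because rule lines are added one per request, call build_ldif once for each line and submit each result as its own ldapmodify request.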