How do I write an LDIF for an LDAPMODIFY request for an ACF2 resource rule line that is not in the extended format? I read TEC1551277, but my request does not use an extended rule line entry.

Document ID : KB000045191
Last Modified Date : 14/02/2018

Question:

How can I write an LDIF file to be used for an LDAPMODIFY request to add a rule to an
ACF2 resource rule when the full resource name is in the key of the resource rule?

 

Answer:

The LDIF in TEC1551277 had the following DN:

dn: acf2resruleline=xxxx.yyyyy,acf2reskey=LDAPRULE,acf2ruletype=RABC,acf2admingrp=rules,host=HOST.COMPANY.COM,o=co,c=us

 

If the rule line does not include an extended resource name, the value for acf2resruleline should be \00 (the standard escape code for a null value):

dn: acf2resruleline=\00,acf2reskey=LDAPRULE,acf2ruletype=RABC,acf2admingrp=rules,host=HOST.COMPANY.COM,o=co,c=us
changetype: add
UIDMask: uidforuser03
ResourceAccess: ALLOW
ResourceService: UPDATE

 

The rule started as:

$KEY(LDAPRULE) TYPE(ABC)
AAAA.BBBB UID(uidforuser01) ALLOW SERVICE(READ)
XXXX.YYYYY UID(uidforuser02) ALLOW SERVICE(READ,UPDATE)

and would be updated to:

$KEY(LDAPRULE) TYPE(ABC)
UID(uidforuser03) ALLOW SERVICE(UPDATE)
AAAA.BBBB UID(uidforuser01) ALLOW SERVICE(READ)
XXXX.YYYYY UID(uidforuser02) ALLOW SERVICE(READ,UPDATE)
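
The following Python helper is an added example, not part of the KB article or the vendor's code. It builds the add record shown above for both cases (extended resource name present or absent) and refuses values that would need base64 encoding in LDIF, such as a value with a trailing space. The function names and the RFC 4514 escaping of characters other than the null value are assumptions.

```python
# Added example: build the LDIF "add" record for an ACF2 resource rule line.
# Attribute names and DN layout are taken from the article; everything else
# (function names, RFC 4514 escaping beyond \00) is an assumption.

def escape_rdn_value(value):
    """Escape an RDN value; an empty value becomes \\00 as the article describes."""
    if value == "":
        return "\\00"
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)  # RFC 4514 special characters
        else:
            out.append(ch)
    return "".join(out)


def ldif_safe(value):
    """True if value can be written as a plain (non-base64) LDIF value."""
    return (value != "" and value[0] not in " :<" and value[-1] != " "
            and all(0 < ord(c) < 128 and c not in "\r\n" for c in value))


def rule_line_add_record(rule_line, res_key, rule_type, suffix,
                         uid_mask, access, service):
    """Return the LDIF text; rule_line == "" means no extended resource name."""
    rdns = [("acf2resruleline", rule_line), ("acf2reskey", res_key),
            ("acf2ruletype", rule_type), ("acf2admingrp", "rules")]
    dn = ",".join(f"{k}={escape_rdn_value(v)}" for k, v in rdns) + "," + suffix
    attrs = [("dn", dn), ("changetype", "add"), ("UIDMask", uid_mask),
             ("ResourceAccess", access), ("ResourceService", service)]
    for name, value in attrs:
        if not ldif_safe(value):
            # A stray trailing space would become part of the stored value.
            raise ValueError(f"{name} needs base64 encoding: {value!r}")
    return "\n".join(f"{name}: {value}" for name, value in attrs) + "\n"


if __name__ == "__main__":
    # Values from the article's example; the suffix is the article's sample host.
    print(rule_line_add_record("", "LDAPRULE", "RABC",
                               "host=HOST.COMPANY.COM,o=co,c=us",
                               "uidforuser03", "ALLOW", "UPDATE"))
```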