4.2.3 - Enabling Access Control

The Access Control Subsystem (ACI) is described in the Basic User Guide. The ACI is disabled by default and the simplest way to enable it is to use Apache Directory Studio.

After the server has started, the relevant entry can be found in config.ldif_migrated :

# default, config
dn: ads-directoryServiceId=default,ou=config
ads-directoryserviceid: default
ads-dssyncperiodmillis: 15000
ads-dsallowanonymousaccess: TRUE
ads-dsreplicaid: 1
ads-dsaccesscontrolenabled: FALSE
ads-dspasswordhidden: FALSE
ads-dsdenormalizeopattrsenabled: FALSE
ads-enabled: TRUE
objectclass: top
objectclass: ads-base
objectclass: ads-directoryService

The following ldapmodify (by the admin user) will activate the ACI Subsystem when the server is next restarted :

# turn on Access Control
dn: ads-directoryServiceId=default,ou=config
changetype: modify
replace: ads-dsaccesscontrolenabled
ads-dsaccesscontrolenabled: TRUE