ACL's are spanned across different LDIF files. The following sections describe in detail the ACL changes required for DSFW.
New domain: filename=nds-domain.ldif.
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
CN=Policies,CN=System,<DC=domain> |
CN=Group Policy Creator Owners,CN=Users,<DC=domain> |
All Attributes Rights |
15 |
|
CN=Group Policy Creator Owners,CN=Users,<DC=domain> |
Entry Rights |
15 |
|
DC=domain |
CN=Administrator,CN=Users,<DC=domain> |
dBCSPwd |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
unicodePwd |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
supplementalCredentials |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
currentValue |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
priorValue |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
initialAuth Incoming |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
initialAuth Outgoing |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
trustAuthIncoming |
4 |
|
CN=Administrator,CN=Users,<DC=domain> |
trustAuthOutgoing |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
dBCSPwd |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
unicodePwd |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
supplementalCredentials |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
currentValue |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
priorValue |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
initialAuth Incoming |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
initialAuth Outgoing |
4 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
trustAuthIncoming |
6 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
trustAuthOutgoing |
6 |
|
CN=Administrators,CN=Builtin,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Administrators,CN=Builtin,<DC=domain> |
Entry Rights |
16 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
All Attributes Rights |
15 |
|
CN=Domain Admins,CN=Users,<DC=domain> |
Entry Rights |
15 |
|
CN=Group Policy Creator Owners,CN=Users,<DC=domain> |
gPLink |
7 |
|
CN=Group Policy Creator Owners,CN=Users,<DC=domain> |
gPOptions |
7 |
|
CN=Cert Publishers,CN=Users,<DC=domain> |
userCertificate |
7 |
|
OU=Domain Controllers,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Domain Controllers,CN=Users,<DC=domain> |
All Attributes Rights |
32 |
|
OU=Domain Controllers,<DC=domain> |
Entry Rights |
16 |
|
CN=Domain Controllers,CN=Users,<DC=domain> |
Entry Rights |
16 |
|
CN=Domain Computers,CN=Users,<DC=domain> |
PasswordExpirationInterval |
3 |
|
CN=Domain Computers,CN=Users,<DC=domain> |
PasswordMinimumLength |
3 |
|
CN=Domain Computers,CN=Users,<DC=domain> |
nspmConfigurationOptions |
3 |
|
CN=Domain Computers,CN=Users,<DC=domain> |
nspmMinPasswordLifetime |
3 |
|
CN=Domain Computers,CN=Users,<DC=domain> |
pwdInHistory |
3 |
|
CN=Configuration,<DC=domain> |
CN=Administrator,CN=Users,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Administrator,CN=Users,<DC=domain> |
Entry Rights |
16 |
Forest root domain: filename=nds-admin-acls.ldif
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
<DC=domain> |
CN=Enterprise Admins,CN=Users,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Enterprise Admins,CN=Users,<DC=domain> |
Entry Rights |
16 |
|
CN=Configuration,<DC=domain> |
CN=Enterprise Admins,CN=Users,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Enterprise Admins,CN=Users,<DC=domain> |
Entry Rights |
16 |
|
CN=Schema,CN=Configuration,<DC=domain> |
CN=Schema Admins,CN=Users,<DC=domain> |
All Attributes Rights |
32 |
|
CN=Schema Admins,CN=Users,<DC=domain> |
Entry Rights |
16 |
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
<DC=domain> |
Public |
cn |
1 |
|
This |
dBCSPwd |
4 |
|
This |
unicodePwd |
4 |
|
This |
supplementalCredentials |
4 |
|
|
|
|
Non-name mapped forest root domain: filename=nds-domain-lum-acls.ldif.
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
<DC=domain> |
Public |
gecos |
2 |
|
Public |
gidNumber |
2 |
|
Public |
uidNumber |
2 |
|
Public |
unixHomeDirectory |
2 |
|
Public |
loginShell |
2 |
|
Public |
memberUid |
2 |
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
Root server object |
CN=<hostname>,OU=Domain Controllers,<DC=domain> |
Entry Rights |
16 |
|
CN=<hostname>,OU=Domain Controllers,<DC=domain> |
All Attributes Rights |
32 |
Name-mapped forest root domain: filename=nds-domain-rights-acls.ldif
|
Object DN |
Trustee DN |
Attribute Name |
Privileges |
|---|---|---|---|
|
<DC=domain> |
CN=<hostname>,OU=Domain Controllers,<DC=domain> |
Entry Rights |
16 |
|
CN=<hostname>,OU=Domain Controllers,<DC=domain> |
[All Attributes Rights |
32 |