6.6. Viewing ACIs

All the ACIs under a single suffix in the directory can be viewed from the command line by using the following ldapsearch command: ^[5]

ldapsearch -h host -p port -b baseDN -D rootDN -w rootPassword (aci=*) aci

See the Directory Server Configuration, Command, and File Reference for information on using the ldapsearch utility.

From the Directory Server Console, all of the ACIs that apply to a particular entry can be viewed through the Access Control Manager.

Start the Directory Server Console. See Section 1.4, “Starting the Directory Server Console”.
In the Directory tab, right-click the entry in the navigation tree, and select Set Access Permissions.

The Access Control Manager opens with a list of the ACIs belonging to the selected entry.
Check the Show Inherited ACIs checkbox to display all ACIs created on entries above the selected entry that also apply.

^[5] The LDAP tools referenced in this guide are Mozilla LDAP, installed with Directory Server in the /usr/lib/mozldap directory on Red Hat Enterprise Linux 5 i386; directories for other platforms are listed in Section 1.2, “LDAP Tool Locations”. However, Red Hat Enterprise Linux systems also include LDAP tools from OpenLDAP. It is possible to use the OpenLDAP commands as shown in the examples, but you must use the -x argument to disable SASL and allow simple authentication.