How to write an ldif for an LDAPMODIFY request for an ACF2 resource ruleline that is not in the extended format. I read TEC1551277 but my request does not use an extended rule line entry.
search cancel

How to write an ldif for an LDAPMODIFY request for an ACF2 resource ruleline that is not in the extended format. I read TEC1551277 but my request does not use an extended rule line entry.

book

Article ID: 45191

calendar_today

Updated On:

Products

LDAP SERVER FOR Z/OS

Issue/Introduction

How to write an LDIF file to be used for an LDAPMODIFY request to add a rule to an
ACF2 resource rule when the full resource name is in the key of the resource rule?

Resolution

dn: acf2resruleline=xxxx.yyyyy,acf2reskey=LDAPRULE,acf2ruletype=RABC,acf2admingrp=rules,host=HOST.COMPANY.COM,o=co,c=us

If the rule line does not include an extended resource name, the value for acf2resruleline should be \00 (standard escape code for a null value)

dn: acf2resruleline=\00,acf2reskey=LDAPRULE,acf2ruletype=RABC,acf2admingrp=rules,host=HOST.COMPANY.COM,o=co,c=us
changetype: add
UIDMask: uidforuser03
ResourceAccess: ALLOW 
ResourceService: UPDATE 

 

The rule started as

$KEY(LDAPRULE) TYPE(ABC)
AAAA.BBBB UID(uidforuser01) ALLOW SERVICE(READ)
XXXX.YYYYY UID(uidforuser02) ALLOW SERVICE(READ,UPDATE) 

and would be updated to

$KEY(LDAPRULE) TYPE(ABC)
UID(uidforuser03) ALLOW SERVICE(UPDATE)
AAAA.BBBB UID(uidforuser01) ALLOW SERVICE(READ)
XXXX.YYYYY UID(uidforuser02) ALLOW SERVICE(READ,UPDATE)