This tool allows the user to find out the effect of an ACI on Directory Server entries. It shows the user the DN of the entries or the number of entries that the ACI matches
Use Case 1:
INPUT:
aclutil -h ldaphost -p ldapport -D "cn=directory manager" -w Secret123 -a "monitor" -b "dc=example,dc=com" -t
OUTPUT: the dn of the entries to which the aci “monitor” is applicable
Use Case 2:
INPUT:
aclutil -h ldaphost -p ldapport -D "cn=directory manager" -w Secret123 -v "(target="<ldap:///cn=plugins,cn=config>")(version 3.0; acl "testaci"; allow (read, search) userdn="<ldap:///anyone>";)" -b "dc=example,dc=com" -tn ;
OUTPUT: the count of the entries to which the aci “testaci” is applicable
Use Case 3:
INPUT:
aclutil -h ldaphost -p ldapport -D "cn=directory manager" -w Secret123 -v "(target="<ldap:///cn=plugins,cn=config>")(version 3.0; acl "testaci"; allow (read, search) userdn="<ldap:///anyone>";)" -b "dc=example,dc=com" -tx ;
OUTPUT: the dn and attributes of the entries to which the aci “testaci” is applicable
This tool is implemented as a command line utility. It performs a search operation on the directory server to find out the entries(or count of entries) to which the given aci is applicable. The syntax of this tool is:
aclutil [-h ldaphost] [-p ldapport] -D <binddn> -w \< binddnpw\> -a "aci\_name" | -v "aci\_value" [-b basedn] [-t[-n][-x]]
-b basedn: If basedn is given, entries under the basedn are matched; otherwise, everything is matched;
-a “aci_name”: aci_name finds out the aci target dn and target attributes and returns the entries which match that target. If the name does not exist, it reports it.
-v “aci_value”: aci_value allows the user to specify the complete aci value. It may or may not be present in the directory server. This aci value is then used to perform the search in the directory server
-t: (targetdn) returns the DN of the entries that match the given aci’s target entries. If the target contains wildcards and/or macros, they are evaluated and matched DNs are returned.
-tn: only the count of the DNs is returned.
-tx: (target attribute) returns the matched DNs and attributes based on the given aci.
-tnx: count of the DNs as well as count of attributes is returned.
No additional requirements
None required
No impact
No impact
Depends on the presence of LDAPsearch client library
No external impact