From 7f9b45d1378434ccc3251acd160ef4d10d5f1cde Mon Sep 17 00:00:00 2001 From: Maxim Thomas Date: Tue, 1 Oct 2024 16:39:27 +0300 Subject: [PATCH] Reduce character escaping in example, add note (#419) --- .../attachments/captured-global-aci-edits.sh | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/opendj-doc-generated-ref/src/main/asciidoc/attachments/captured-global-aci-edits.sh b/opendj-doc-generated-ref/src/main/asciidoc/attachments/captured-global-aci-edits.sh index cf9b7b4b27..16cdce7b07 100644 --- a/opendj-doc-generated-ref/src/main/asciidoc/attachments/captured-global-aci-edits.sh +++ b/opendj-doc-generated-ref/src/main/asciidoc/attachments/captured-global-aci-edits.sh @@ -11,6 +11,7 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Portions Copyright 2015 ForgeRock AS. +# Portions Copyright 2024 3A Systems LLC. # Captured dsconfig command to replace anonymous read access with authenticated access. # Edit this script to match your deployment. 
@@ -24,15 +25,23 @@ # If the global-aci settings are different on your OpenDJ server, # generate this script for that server as described in the documentation. # +# The following command sequence utilizes single quote encapsulation +# of the `global-aci` value. This is simply to avoid +# the need for extensive character escapes. If the quotes are removed, +# the user will need to manually escape certain characters, such as pipe +# (`|`) or exclamation points (`!`) to +# avoid shell errors. + dsconfig set-access-control-handler-prop \ - --remove global-aci:\(targetattr!=\"userPassword\|\|authPassword\|\|debugsearchindex\|\|changes\|\|changeNumber\|\|changeType\|\|changeTime\|\|targetDN\|\|newRDN\|\|newSuperior\|\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Anonymous\ read\ access\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \ - --remove global-aci:\(targetattr=\"createTimestamp\|\|creatorsName\|\|modifiersName\|\|modifyTimestamp\|\|entryDN\|\|entryUUID\|\|subschemaSubentry\|\|etag\|\|governingStructureRule\|\|structuralObjectClass\|\|hasSubordinates\|\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \ - --add global-aci:\(targetattr!=\"userPassword\|\|authPassword\|\|debugsearchindex\|\|changes\|\|changeNumber\|\|changeType\|\|changeTime\|\|targetDN\|\|newRDN\|\|newSuperior\|\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Authenticated\ read\ access\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \ - --add global-aci:\(targetattr=\"createTimestamp\|\|creatorsName\|\|modifiersName\|\|modifyTimestamp\|\|entryDN\|\|entryUUID\|\|subschemaSubentry\|\|etag\|\|governingStructureRule\|\|structuralObjectClass\|\|hasSubordinates\|\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \ - --hostname opendj.example.com \ - --port 4444 \ - --trustStorePath 
/path/to/opendj/config/admin-truststore \ - --bindDN cn=Directory\ Manager \ - --bindPassword ****** \ - --no-prompt + --remove=global-aci:'(targetattr!="userPassword||authPassword||changes|| + changeNumber||changeType||changeTime||targetDN||newRDN|| + newSuperior||deleteOldRDN||targetEntryUUID||changeInitiatorsName|| + changeLogCookie||includedAttributes")(version 3.0; acl "Anonymous + read access"; allow (read,search,compare) userdn="ldap:///anyone";)' \ + --hostname=opendj.example.com \ + --port=4444 \ + --bindDN=cn=Directory\ Manager \ + --bindPassword=password \ + --trustAll \ + --no-prompt
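Review bot: The added `--trustAll \` line makes dsconfig accept any server certificate on the same connection that carries the Directory Manager credentials, where the removed version pinned the admin trust store. Because this attachment is meant to be copied and edited, I would keep `--trustStorePath=/path/to/opendj/config/admin-truststore \` and mention `--trustAll` only as a test-lab shortcut in the comment above. `--bindPassword=password` also places the secret on the command line, where the process list and shell history can expose it; `--bindPasswordFile=<path-to-password-file>` avoids that. Separately, both `--add` lines and the second `--remove` are gone, so the script now only removes the anonymous read ACI and no longer matches the header comment "replace anonymous read access with authenticated access"; either restore the `--add` values in the quoted form or update the header. The single-quoted value also appears to span several lines, in which case the newlines and indentation become part of the value and may not match the stored ACI, so this is worth confirming against a server.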