KBEC-00399 - Create an ACL entry for an LDAP group

Article ID:360032824352


This article describes how to define an ACL entry for an LDAP group.


When you create an ACL entry for an LDAP group, you must provide the group's Distinguished Name (DN) in the LDAP directory as the createAclEntry principalName field.

A DN is a sequence of relative distinguished names (RDNs) connected by commas. An RDN is an attribute with an associated value in the form attribute=value, normally expressed as a UTF-8 string.

For example:

ectool createAclEntry group "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net" --systemObjectName server

The DN is "CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net". This command will create an ACL group called ec-admins on the server. The location of the LDAP directory is eflow.net/user/Groups.


RDN Attribute Types

String  X.500 AttributeType
CN      commonName
L       localityName
ST      stateOrProvinceName
O       organizationName
OU      organizationalUnitName
C       countryName
STREET  streetAddress
DC      domainComponent
UID     userid
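
A pre-flight check for the DN before it is passed to createAclEntry, as an added example that is not part of the original article or the product's own code. It assumes single-valued RDNs with backslash escapes only, and treats the attribute types in the table above as the complete allowed set; the function names are hypothetical.

```python
import shlex

# RDN attribute type strings from the table in this article (assumed complete).
KNOWN_TYPES = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}


def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, current, escaped = [], [], False
    for ch in text:
        if ch == sep and not escaped:
            parts.append("".join(current))
            current = []
            continue
        current.append(ch)
        escaped = (ch == "\\") and not escaped
    if escaped:
        raise ValueError("DN ends with a dangling backslash")
    parts.append("".join(current))
    return parts


def parse_dn(dn):
    """Return [(attribute, value), ...]; raise ValueError on a malformed DN."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, eq, value = rdn.partition("=")
        attr = attr.strip().upper()
        if not eq or not value.strip():
            raise ValueError(f"RDN {rdn!r} is not in attribute=value form")
        if attr not in KNOWN_TYPES:
            raise ValueError(f"unknown RDN attribute type {attr!r}")
        rdns.append((attr, value.strip()))
    return rdns


def acl_command(dn):
    """Validate dn, then build the command from this article, shell-quoted."""
    parse_dn(dn)
    return shlex.join(["ectool", "createAclEntry", "group", dn,
                       "--systemObjectName", "server"])


if __name__ == "__main__":
    # DN taken from the example in this article.
    print(acl_command("CN=ec-admins,OU=user,OU=Groups,DC=eflow,DC=net"))
```

A DN containing spaces comes back single-quoted, so the whole DN reaches ectool as one principalName argument.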