CR-7387 OPENDJ-2116 Explicitly show aci for proxy authz ctrl

Mark Craig

25.16.2015 9f13aa045d2af339dfa65dda5d0e9b885963fa13

CR-7387 OPENDJ-2116 Explicitly show aci for proxy authz ctrl

Although there’s a global ACI for this by default,
this patch updates the doc to show the ACI to use
if that global ACI has been changed.

 opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml

@@ -1416,6 +1416,34 @@
  
  <procedure xml:id="setup-proxied-authz">
   <title>To Configure Proxied Authorization</title>

   <step performance="optional">
    <para>
     If the global ACIs do not allow access to use the Proxy Authorization Control,
     grant access to applications to use the control.
    </para>

    <para>
     The control has OID <literal>2.16.840.1.113730.3.4.18</literal>.
    </para>

    <screen>
$ <userinput>ldapmodify \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetcontrol="2.16.840.1.113730.3.4.18") (version 3.0; acl
  "Apps can use the Proxy Authorization Control"; allow(read)
  userdn="ldap:///cn=*,ou=Apps,dc=example,dc=com";)
</userinput>
<computeroutput>  Processing MODIFY request for dc=example,dc=com
  MODIFY operation successful for DN dc=example,dc=com</computeroutput>
    </screen>
   </step>

   <step>
    <para>Grant access to applications that can use proxied authorization.</para>