From 9f13aa045d2af339dfa65dda5d0e9b885963fa13 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Thu, 25 Jun 2015 10:16:28 +0000
Subject: [PATCH] CR-7387 OPENDJ-2116 Explicitly show aci for proxy authz ctrl

---
 opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml |   28 ++++++++++++++++++++++++++++
 1 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml b/opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml
index 67ec1eb..9adcaa7 100644
--- a/opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml
+++ b/opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml
@@ -1416,6 +1416,34 @@
   
   <procedure xml:id="setup-proxied-authz">
    <title>To Configure Proxied Authorization</title>
+
+   <step performance="optional">
+    <para>
+     If the global ACIs do not allow access to use the Proxy Authorization Control,
+     grant access to applications to use the control.
+    </para>
+
+    <para>
+     The control has OID <literal>2.16.840.1.113730.3.4.18</literal>.
+    </para>
+
+    <screen>
+$ <userinput>ldapmodify \
+ --port 1389 \
+ --bindDN "cn=Directory Manager" \
+ --bindPassword password
+dn: dc=example,dc=com
+changetype: modify
+add: aci
+aci: (targetcontrol="2.16.840.1.113730.3.4.18") (version 3.0; acl
+  "Apps can use the Proxy Authorization Control"; allow(read)
+  userdn="ldap:///cn=*,ou=Apps,dc=example,dc=com";)
+</userinput>
+<computeroutput>  Processing MODIFY request for dc=example,dc=com
+  MODIFY operation successful for DN dc=example,dc=com</computeroutput>
+    </screen>
+   </step>
+
    <step>
     <para>Grant access to applications that can use proxied authorization.</para>
 

--
Gitblit v1.10.0