HP-UX Directory Server 8.1 administrator guide

keyword = "expression"; or
keyword != "expression";
Equal (=) indicates that keyword and expression must match in order for the bind rule to be
true, and not equal (!=) indicates that keyword and expression must not match in order for
the bind rule to be true.
NOTE: The timeofday keyword also supports the inequality expressions (<, <=, >, >=). This is
the only keyword that supports these expressions.
The quotation marks ("") around expression and the delimiting semicolon (;) are required.
The expressions you can use depend on the associated keyword.
Table 6-3 “LDIF bind rule keywords” lists each keyword and the associated expressions and
indicates whether wildcard characters are allowed in the expression.
Table 6-3 LDIF bind rule keywords

Keyword      Valid expressions                  Wildcard allowed
-----------  ---------------------------------  ----------------
userdn       ldap:///distinguished_name         Yes, in DN only
             ldap:///all
             ldap:///anyone
             ldap:///self
             ldap:///parent
             ldap:///suffix??scope?(filter)
groupdn      ldap:///DN || DN                   No
             ldap:///suffix??scope?(filter)
roledn       ldap:///DN || DN                   No
userattr     attribute#bindType or              No
             attribute#value
ip           IP_address                         Yes
dns          DNS_host_name                      Yes
dayofweek    sun mon tue wed thu fri sat        No
timeofday    0 - 2359                           No
authmethod   none                               No
             simple
             ssl
             sasl sasl_mechanism

6.4.2 Defining user access - userdn keyword
User access is defined using the userdn keyword. The userdn keyword requires one or more
valid distinguished names in the following format:
userdn = "ldap:///dn [|| ldap:///dn]...[||ldap:///dn]"
dn can be a DN or one of the expressions anyone, all, self, or parent:
userdn = "ldap:///anyone"    Defines anonymous access
userdn = "ldap:///all"       Defines general access
userdn = "ldap:///self"      Defines self access
userdn = "ldap:///parent"    Defines access for the parent entry
The userdn keyword can also be expressed as an LDAP filter:
ldap:///suffix??scope?(filter)
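
The syntax rules and Table 6-3 above can be checked mechanically when reviewing bind rules. The following Python linter is an added example, not part of this guide or of Directory Server; the function name lint_bind_rule, the use of "*" as the wildcard character, and the example.com DNs are assumptions made for illustration. It handles one simple bind rule (a single keyword) at a time.

```python
import re

# keyword -> (wildcard allowed, inequality operators allowed), per Table 6-3
# and the NOTE that only timeofday accepts <, <=, >, >=.
KEYWORDS = {
    "userdn": (True, False), "groupdn": (False, False), "roledn": (False, False),
    "userattr": (False, False), "ip": (True, False), "dns": (True, False),
    "dayofweek": (False, False), "timeofday": (False, True),
    "authmethod": (False, False),
}
RULE = re.compile(r'^\s*(\w+)\s*(!=|<=|>=|=|<|>)\s*(.*?)\s*$')

def lint_bind_rule(rule):
    """Return findings for one simple bind rule (a single keyword)."""
    m = RULE.match(rule)
    if not m:
        return ["syntax: expected keyword, operator, expression"]
    keyword, op, rest = m.groups()
    if keyword not in KEYWORDS:
        return [f"unknown keyword: {keyword}"]
    wildcard_ok, inequality_ok = KEYWORDS[keyword]
    findings = []
    if op not in ("=", "!=") and not inequality_ok:
        findings.append(f"operator {op} is only valid with timeofday")
    if not rest.endswith(";"):
        findings.append("missing delimiting semicolon")
    expr = rest.rstrip(";").strip()
    if len(expr) < 2 or not (expr.startswith('"') and expr.endswith('"')):
        findings.append("expression must be enclosed in quotation marks")
    parts = [p.strip() for p in expr.strip('"').split("||")]
    # Assumption: the wildcard character is "*"; text after "?" (scope and
    # filter of an LDAP URL) is not part of the DN and is skipped here.
    if not wildcard_ok and any("*" in p.split("?")[0] for p in parts):
        findings.append(f"wildcard not allowed with {keyword}")
    if keyword == "userdn":
        for p in parts:
            if not p.startswith("ldap:///"):
                findings.append(f"userdn value is not an LDAP URL: {p}")
            elif p == "ldap:///anyone" and op == "=":
                findings.append("grants anonymous access (ldap:///anyone)")
    return findings

if __name__ == "__main__":
    # Constructed sample rules; the example.com DNs are placeholders.
    for rule in ('userdn = "ldap:///self";', 'userdn = "ldap:///anyone";',
                 'dayofweek > "mon";', 'timeofday >= "0800";',
                 'groupdn = "ldap:///cn=*,dc=example,dc=com"'):
        print(rule, "->", lint_bind_rule(rule) or "ok")
```

Rules that grant anonymous access are reported as findings so that a reviewer confirms they are intended; they are valid syntax.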