Red Hat Directory Server 8.0 Administrator's Guide
(target="ldap:///uid=lfuentes,dc=example.com Bolivia\,S.A.").
Wildcards can be used when targeting a distinguished name with the target keyword. A
wildcard matches any character, string, or substring. The match is then constrained by
the other strings specified alongside the wildcard.
The following are legal examples of wildcard usage:
• (target="ldap:///uid=*,dc=example,dc=com") — Matches every entry in the entire
example.com tree that has the uid attribute in the entry's RDN.
• (target="ldap:///uid=*Anderson,dc=example,dc=com") — Matches every entry directly
under the example.com node with a uid ending in Anderson.
• (target="ldap:///uid=C*A,dc=example,dc=com") — Matches every entry directly under
the example.com node with a uid beginning with C and ending with A.
• (target="ldap:///uid=*,ou=*,dc=example,dc=com") — Matches every entry in the
example.com tree whose distinguished name contains the uid and ou attributes. Thus,
uid=fchen,ou=Engineering,dc=example,dc=com or
uid=claire,ou=Engineering,ou=people,dc=example,dc=com would match, but
uid=bjensen,dc=example,dc=com or ou=Engineering,dc=example,dc=com would not.
Depending on the position of the wildcard, it can apply to the full DN, not only to attribute
values. Therefore, the wildcard can be used as a substitute for portions of the DN. For example,
uid=andy*,dc=example,dc=com targets all the directory entries in the entire example.com tree
with a matching uid attribute and not just the entries that are immediately below the
dc=example,dc=com node. In other words, this target matches with longer expressions such as
uid=andy,ou=eng,dc=example,dc=com or uid=andy,ou=marketing,dc=example,dc=com.
NOTE
You cannot use wildcards in the suffix part of a distinguished name. That is, if
your directory uses the suffixes c=US and c=GB, then you cannot use
(target="ldap:///dc=example,c=*") as a target to reference both suffixes.
Neither can you use a target such as uid=bjensen,dc=*.com.
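The following Python sketch is an added example, not code from this guide or from Directory Server. It models the wildcard behaviour described above by treating * as any substring of the full DN, commas included, so the scope of an ACI target can be checked against a list of entry DNs before the ACI is deployed. The sample DNs are constructed, and the function names and the suffix check are assumptions of this example.

```python
import re

# Constructed sample DNs for illustration (not taken from a real directory).
SAMPLE_DNS = [
    "uid=andy,dc=example,dc=com",
    "uid=andy,ou=eng,dc=example,dc=com",
    "uid=andy,ou=marketing,dc=example,dc=com",
    "uid=fchen,ou=Engineering,dc=example,dc=com",
    "uid=claire,ou=Engineering,ou=people,dc=example,dc=com",
    "uid=bjensen,dc=example,dc=com",
    "ou=Engineering,dc=example,dc=com",
]

def target_dn(target):
    """Return the DN pattern from a (target="ldap:///...") expression or a bare DN."""
    m = re.fullmatch(r'\(target\s*=\s*"ldap:///(.*)"\)', target.strip())
    return m.group(1) if m else target.strip()

def check_suffix(pattern, suffixes):
    """Return the literal suffix the pattern ends with; reject wildcarded suffixes."""
    p = pattern.lower()
    for s in suffixes:
        if p == s.lower() or p.endswith("," + s.lower()):
            return s
    raise ValueError(f"target {pattern!r} does not end in a literal suffix")

def compile_target(pattern):
    """Model of the described matching: '*' stands for any substring of the DN."""
    # Everything except '*' is matched literally; DN comparison is case-insensitive.
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE)

def entries_in_scope(target, dns, suffixes):
    """List the DNs that the target pattern covers under this model."""
    pattern = target_dn(target)
    check_suffix(pattern, suffixes)
    rx = compile_target(pattern)
    return [dn for dn in dns if rx.fullmatch(dn)]

if __name__ == "__main__":
    for t in ('(target="ldap:///uid=andy*,dc=example,dc=com")',
              '(target="ldap:///uid=*,ou=*,dc=example,dc=com")'):
        print(t)
        for dn in entries_in_scope(t, SAMPLE_DNS, ["dc=example,dc=com"]):
            print("   ", dn)
```

Running a proposed target against an export of entry DNs shows when a pattern intended for one level of the tree also covers entries in deeper subtrees.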
3.2.2. Targeting Attributes
In addition to targeting directory entries, you can also target one or more attributes included in
Chapter 6. Managing Access Control