Red Hat Directory Server 8.0 Administrator's Guide
Bind rules define who can access the directory, when, and from where by defining any of the
following:
• Users, groups, and roles that are granted access.
• Locations from which an entity must bind.
• Times or days on which binding must occur.
• Types of authentication that must be in use during binding.
Additionally, bind rules can be complex constructions that combine these criteria by using
Boolean operators. See Section 4.10, “Using Boolean Bind Rules” for more information.
4.1. Bind Rule Syntax
Whether access is allowed or denied depends on whether an ACI's bind rule is evaluated to be
true. Bind rules use one of the two following patterns:
keyword = "expression"; or keyword != "expression";
Equal (=) indicates that keyword and expression must match in order for the bind rule to be true,
and not equal (!=) indicates that keyword and expression must not match in order for the bind
rule to be true.
NOTE
The timeofday keyword also supports the inequality expressions (<, <=, >, >=).
This is the only keyword that supports these expressions.
The quotation marks ("") around expression and the delimiting semicolon (;) are required. The
expressions you can use depend on the associated keyword.
Table 6.3, “LDIF Bind Rule Keywords” lists each keyword and the associated expressions and
indicates whether wildcard characters are allowed in the expression.
Keyword   Valid Expressions                  Wildcard Allowed
userdn    ldap:///distinguished_name         Yes, in DN only
          ldap:///all
          ldap:///anyone
          ldap:///self
          ldap:///parent
          ldap:///suffix??scope?(filter)
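As an added example (not from this guide or from the Directory Server code base), the following Python checks a bind rule against the syntax above, enforcing the quoted expression, the closing semicolon and the rule that only timeofday may use the inequality operators, and then evaluates the userdn forms listed in the table. The all/anyone/self/parent semantics and the DN normalisation are assumptions made for this example, and the ldap:///suffix??scope?(filter) form is rejected because evaluating it needs a directory search.

```python
import re
from fnmatch import fnmatchcase

# Bind rule syntax from the guide: keyword = "expression"; or keyword != "expression";
# timeofday is the only keyword that may also use <, <=, >, >=.
_RULE_RE = re.compile(
    r'^\s*(?P<kw>[A-Za-z]+)\s*(?P<op>!=|<=|>=|=|<|>)\s*"(?P<expr>[^"]*)"\s*;\s*$')
_INEQUALITIES = ("<", "<=", ">", ">=")


def parse_bind_rule(rule: str) -> dict:
    """Split one bind rule into keyword, operator and expression, rejecting malformed input."""
    m = _RULE_RE.match(rule)
    if not m:
        raise ValueError(f'malformed bind rule (need keyword op "expression";): {rule!r}')
    kw, op, expr = m["kw"].lower(), m["op"], m["expr"]
    if op in _INEQUALITIES and kw != "timeofday":
        raise ValueError(f"operator {op} is only valid with timeofday, not {kw}")
    return {"keyword": kw, "operator": op, "expression": expr}


def _norm_dn(dn: str) -> str:
    # Assumption for this example: DNs compare case-insensitively, ignoring space after commas.
    return ",".join(part.strip() for part in dn.split(",")).lower()


def userdn_matches(rule: dict, bind_dn, target_dn: str) -> bool:
    """Evaluate a parsed userdn rule for a bind DN (None = anonymous bind) against the
    DN of the entry being accessed. Assumed semantics: all = any authenticated user,
    anyone = anonymous as well, self/parent compare the bind DN with the target entry."""
    if rule["keyword"] != "userdn":
        raise ValueError("only userdn rules are evaluated here")
    expr = rule["expression"]
    if expr == "ldap:///anyone":
        hit = True
    elif expr == "ldap:///all":
        hit = bind_dn is not None
    elif expr == "ldap:///self":
        hit = bind_dn is not None and _norm_dn(bind_dn) == _norm_dn(target_dn)
    elif expr == "ldap:///parent":
        parent = target_dn.split(",", 1)[1] if "," in target_dn else ""
        hit = bind_dn is not None and _norm_dn(bind_dn) == _norm_dn(parent)
    elif expr.startswith("ldap:///") and "??" not in expr:
        # Plain DN form; wildcards are allowed only here (e.g. uid=*,ou=People,dc=example,dc=com)
        pattern = _norm_dn(expr[len("ldap:///"):])
        hit = bind_dn is not None and fnmatchcase(_norm_dn(bind_dn), pattern)
    else:
        raise ValueError(f"LDAP URL filter form needs a directory search: {expr!r}")
    return hit if rule["operator"] == "=" else not hit
```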
Bind Rule Syntax
185