Red Hat Directory Server 8.0 Administrator's Guide
Keyword     Valid Expressions                         Wildcard Allowed
groupdn     ldap:///DN || DN                          No
roledn      ldap:///DN || DN                          No
userattr    attribute#bindType or attribute#value     No
ip          IP_address                                Yes
dns         DNS_host_name                             Yes
dayofweek   sun mon tue wed thu fri sat               No
timeofday   0 - 2359                                  No
authmethod  none, simple, ssl, sasl sasl_mechanism    No
Table 6.3. LDIF Bind Rule Keywords
4.2. Defining User Access - userdn Keyword
User access is defined using the userdn keyword. The userdn keyword requires one or more
valid distinguished names in the following format:
userdn = "ldap:///dn [|| ldap:///dn]...[||ldap:///dn]"
dn can be a DN or one of the expressions anyone, all, self, or parent:
userdn = "ldap:///anyone"    Defines anonymous access
userdn = "ldap:///all"       Defines general access
userdn = "ldap:///self"      Defines self access
userdn = "ldap:///parent"    Defines access for the parent entry
The userdn keyword can also be expressed as an LDAP filter:
ldap:///suffix??scope?(filter)
NOTE
If a DN contains a comma, the comma must be preceded by a backslash (\)
escape character.
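The following Python sketch is an added example, not code from the guide or from Directory Server: it splits a userdn value on ||, classifies each URL using the forms described above, flags a DN whose comma was left unescaped, and reports the anonymous and general access expressions for review. The function names classify_userdn and broad_grants, the example.com DNs, and the simplified RDN check (every comma-separated part must contain "=") are assumptions made for illustration.

```python
import re

# The four expressions the guide allows in place of a DN, with its descriptions.
SPECIAL = {"anyone": "anonymous access", "all": "general access",
           "self": "self access", "parent": "access for the parent entry"}
PREFIX = "ldap:///"

def classify_userdn(value):
    """Return one (kind, detail) tuple per '||'-separated URL in a userdn value."""
    out = []
    for url in (p.strip() for p in value.split("||")):
        if not url.startswith(PREFIX):
            out.append(("invalid", f"missing {PREFIX} prefix: {url}"))
            continue
        body = url[len(PREFIX):]
        if body.lower() in SPECIAL:
            out.append((body.lower(), SPECIAL[body.lower()]))
        elif "?" in body:
            # Filter form: ldap:///suffix??scope?(filter)
            fields = body.split("?", 3)
            if len(fields) == 4 and fields[3].startswith("("):
                out.append(("filter", f"suffix={fields[0]} scope={fields[2]} filter={fields[3]}"))
            else:
                out.append(("invalid", f"malformed filter URL: {url}"))
        else:
            # Split on commas not preceded by a backslash; every RDN needs '='.
            rdns = re.split(r"(?<!\\),", body)
            bad = [r for r in rdns if "=" not in r]
            out.append(("invalid", f"unescaped comma before {bad[0].strip()!r}") if bad else ("dn", body))
    return out

def broad_grants(value):
    """Kinds in a userdn value that are not tied to a specific identity."""
    return [k for k, _ in classify_userdn(value) if k in ("anyone", "all")]

# Constructed sample values (example.com names are placeholders).
SAMPLES = [
    'ldap:///anyone',
    'ldap:///self || ldap:///uid=admin,ou=People,dc=example,dc=com',
    r'ldap:///cn=Doe\, Jane,ou=People,dc=example,dc=com',
    'ldap:///cn=Doe, Jane,ou=People,dc=example,dc=com',
    'ldap:///dc=example,dc=com??sub?(ou=Engineering)',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify_userdn(s), broad_grants(s))
```

The fourth sample is reported as invalid because the comma inside the cn value is not escaped, which is the case the NOTE above describes.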
Chapter 6. Managing Access Control