Red Hat Directory Server 8.0 Administrator's Guide

NOTE
Do not specify a hostname or port number within the LDAP URL. LDAP URLs
always apply to the local server.
For more information about LDAP URLs, see Appendix C, LDAP URLs.
4.2.6. Wildcards
You can also specify a set of users by using the wildcard character (*) in the DN pattern. For example,
a user DN of uid=u*,dc=example,dc=com matches any bind DN whose uid value begins with
the letter u, so only those users are allowed or denied access according to the permissions you set.
From the Directory Server Console, you set user access from the Access Control Editor. For
more information, see Section 5, “Creating ACIs from the Console”.
4.2.7. Examples
Scenario: userdn keyword containing an LDAP URL
Example:
    userdn = "ldap:///uid=*,dc=example,dc=com";
Description: The bind rule is evaluated to be true if the user binds to the
directory using any distinguished name of the specified pattern. For example,
both of the following bind DNs would be evaluated to be true:
    uid=ssarette,dc=example,dc=com
    uid=tjaz,ou=Accounting,dc=example,dc=com
This bind DN would be evaluated to be false:
    cn=Babs Jensen,dc=example,dc=com

Scenario: userdn keyword containing a logical OR of LDAP URLs
Example:
    userdn = "ldap:///uid=bj,dc=example,dc=com || ldap:///uid=kc,dc=example,dc=com";
Description: The bind rule is evaluated to be true if the client binds as either
of the two supplied distinguished names.

Scenario: userdn keyword excluding a specific LDAP URL
Example:
    userdn != "ldap:///uid=*,ou=Accounting,dc=example,dc=com";
Description: The bind rule is evaluated to be true if the client is not binding
as a UID-based distinguished name in the accounting subtree. This bind rule only
makes sense if the targeted entry is not under the accounting branch of the
directory tree.
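The following is an added example, not code from the Red Hat Directory Server manual or product: a small Python evaluator for the userdn bind rules covered in Section 4.2.6 and the examples above, run against the bind DNs the page lists. The rule strings are constructed from the page's examples. The matching semantics in dn_matches_pattern (the leftmost RDN of the pattern, wildcard included, must match the leftmost RDN of the bind DN, and the rest of the pattern must be a suffix of the bind DN) are an assumption drawn from the page's examples, not the server's own algorithm; the rejection of a hostname or port in the LDAP URL is this example's check, reflecting the note at the top of this section.

```python
"""Evaluate userdn bind rules, as described in this section, against bind DNs.

Added illustration, not Directory Server code. The matching semantics are this
example's reading of the manual's examples (see dn_matches_pattern), not the
server's implementation.
"""
import re
from fnmatch import fnmatchcase

# The page's three example bind rules (constructed strings, not read from a server).
RULE_WILDCARD = 'userdn = "ldap:///uid=*,dc=example,dc=com";'
RULE_OR = ('userdn="ldap:///uid=bj,dc=example,dc=com || '
           'ldap:///uid=kc,dc=example,dc=com";')
RULE_NOT = 'userdn != "ldap:///uid=*,ou=Accounting,dc=example,dc=com";'

# userdn, '=' or '!=', then a double-quoted list of LDAP URLs, optional ';'.
_RULE_RE = re.compile(r'^\s*userdn\s*(!?=)\s*"([^"]*)"\s*;?\s*$')


def split_dn(dn):
    """Split a DN into (attr, value) pairs, case-folded for comparison.
    Assumes no escaped commas in values; enough for the DNs on this page."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts


def parse_userdn_rule(rule):
    """Return (negated, [dn_pattern, ...]) for a userdn bind rule.

    '||' separates alternative LDAP URLs. A URL carrying a host or port is
    rejected here, because bind-rule LDAP URLs always apply to the local server.
    """
    m = _RULE_RE.match(rule)
    if not m:
        raise ValueError("not a userdn bind rule: %r" % rule)
    negated = m.group(1) == "!="
    patterns = []
    for url in m.group(2).split("||"):
        url = url.strip()
        if not url.startswith("ldap:///"):
            raise ValueError("bind-rule LDAP URL must not carry a host or port: %r" % url)
        patterns.append(url[len("ldap:///"):])
    return negated, patterns


def dn_matches_pattern(bind_dn, pattern):
    """Match a bind DN against a DN pattern the way the page's examples do.

    The leftmost RDN of the pattern must match the leftmost RDN of the bind DN
    (same attribute; the value may use the * wildcard), and the remaining RDNs
    of the pattern must be a suffix of the bind DN. That is why
    uid=*,dc=example,dc=com accepts uid=tjaz,ou=Accounting,dc=example,dc=com
    but rejects cn=Babs Jensen,dc=example,dc=com. This is an assumption drawn
    from the manual's examples, not the server's matching code.
    """
    pat, dn = split_dn(pattern), split_dn(bind_dn)
    if not pat or not dn:
        return False
    (p_attr, p_value), p_suffix = pat[0], pat[1:]
    d_attr, d_value = dn[0]
    if p_attr != d_attr or not fnmatchcase(d_value, p_value):
        return False
    # The suffix must fit below the leftmost RDN of the bind DN.
    if len(dn) < len(p_suffix) + 1:
        return False
    if p_suffix and dn[-len(p_suffix):] != p_suffix:
        return False
    return True


def bind_rule_is_true(rule, bind_dn):
    """True when the bind rule is satisfied by bind_dn: any listed URL matches,
    with the result inverted for a '!=' rule."""
    negated, patterns = parse_userdn_rule(rule)
    matched = any(dn_matches_pattern(bind_dn, p) for p in patterns)
    return matched != negated


if __name__ == "__main__":
    cases = [
        (RULE_WILDCARD, "uid=ssarette,dc=example,dc=com"),
        (RULE_WILDCARD, "uid=tjaz,ou=Accounting,dc=example,dc=com"),
        (RULE_WILDCARD, "cn=Babs Jensen,dc=example,dc=com"),
        (RULE_OR, "uid=bj,dc=example,dc=com"),
        (RULE_OR, "uid=ssarette,dc=example,dc=com"),
        (RULE_NOT, "uid=tjaz,ou=Accounting,dc=example,dc=com"),
        (RULE_NOT, "uid=ssarette,dc=example,dc=com"),
    ]
    for rule, dn in cases:
        print("%-5s %-45s <- %s" % (bind_rule_is_true(rule, dn), dn, rule))
```

Running the script prints one line per case and reproduces the outcomes stated in the table: the wildcard rule accepts uid=ssarette and uid=tjaz under ou=Accounting but not cn=Babs Jensen, the OR rule accepts only the two named DNs, and the != rule is true for every bind DN except UID-based DNs in the accounting subtree.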
Chapter 6. Managing Access Control