Bind Rule Syntax; Table 6-2 Ldif Bind Rule Keywords - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Bind Rules
Additionally, bind rules can be complex constructions that combine these criteria
by using Boolean operators. See "Using Boolean Bind Rules," on page 236, for
more information.

Bind Rule Syntax

Whether access is allowed or denied depends on whether an ACI's bind rule is
evaluated to be true. Bind rules use one of the two following patterns:
keyword = "expression";
keyword != "expression";
where equal (=) indicates that
bind rule to be true, and not equal (!=) indicates that
not match in order for the bind rule to be true.
NOTE
The quotation marks (
required. The expressions you can use depend on the associated
The following table lists each keyword and the associated expressions. It also
indicates whether wildcard characters are allowed in the expression.
Table 6-2
Keyword
userdn
groupdn
roledn
220 Red Hat Directory Server Administrator's Guide • May 2005
keyword
The timeofday keyword also supports the inequality expressions
(<, <=, >, >=). This is the only keyword that supports these
expressions.
) around
""
LDIF Bind Rule Keywords
Valid Expressions
ldap:///distinguished_name
ldap:///all
ldap:///anyone
ldap:///self
ldap:///parent
ldap:///suffix??sub?(filter)
ldap:///DN || DN
ldap:///DN || DN
and must match in order for the
expression
keyword
and the delimiting semicolon (;) are
expression
and must
expression
.
keyword
Wildcard Allowed?
yes, in DN only
no
no