Anonymous Access (Anyone Keyword); General Access (All Keyword); Self Access (Self Keyword); Parent Access (Parent Keyword) - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual

Bind Rules
ldap:///suffix??sub?(filter)
NOTE

Anonymous Access (anyone Keyword)

Granting anonymous access to the directory means that anyone can access it
without providing a bind DN or password and regardless of the circumstances of
the bind. You can limit anonymous access to specific types of access (for example,
access for read or access for search) or to specific subtrees or individual entries
within the directory.
From the Server Console, you define anonymous access through the Access
Control Editor. See "Creating ACIs from the Console," on page 237.

General Access (all Keyword)

You can use bind rules to indicate that a permission applies to anyone who has
successfully bound to the directory; that is, all authenticated users. This allows
general access while preventing anonymous access.
From the Server Console, you define general access on the Access Control Editor.
For more information, see "Creating ACIs from the Console," on page 237.

Self Access (self Keyword)

Specifies that users are granted or denied access to their own entries. In this case,
access is granted or denied if the bind DN matches the DN of the targeted entry.
From the Server Console, you set up self access on the Access Control Editor. For
more information, see "Creating ACIs from the Console," on page 237.

Parent Access (parent Keyword)

Specifies that users are granted or denied access to the entry only if their bind DN
is the parent of the targeted entry.
You cannot set up parent access control using the Server Console.

LDAP URLs

You can dynamically target users in ACIs using a URL with a filter as follows:
userdn = "ldap:///suffix??sub?(filter)"
222 Red Hat Directory Server Administrator's Guide • May 2005
If a DN contains a comma, the comma must be preceded by a
backslash (\) escape character.