Examples; Using Boolean Bind Rules - Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual


Bind Rules
You cannot set up authentication-based bind rules through the Access Control
Editor.
The LDIF syntax for setting a bind rule based on an authentication method is as
follows:
authmethod = "authentication_method"
where authentication_method is none, simple, ssl, or "sasl sasl_mechanism".

Examples

The following are examples of the authmethod keyword:
authmethod = "none";
Authentication is not checked during bind rule evaluation.
authmethod = "simple";
The bind rule is evaluated to be true if the client is accessing the directory
using a username and password.
authmethod = "ssl";
The bind rule is evaluated to be true if the client authenticates to the directory
using a certificate over LDAPS. This is not evaluated to be true if the client
authenticates using simple authentication (bind DN and password) over
LDAPS.
authmethod = "sasl DIGEST-MD5";
The bind rule is evaluated to be true if the client is accessing the directory
using the SASL DIGEST-MD5 mechanism. The other supported SASL
mechanisms are EXTERNAL and GSS-API.

Using Boolean Bind Rules

Bind rules can be complex expressions that use the Boolean expressions AND, OR,
and NOT to set very precise access rules. You cannot use the Server Console to
create Boolean bind rules. You must create an LDIF statement.
The LDIF syntax for a Boolean bind rule is as follows:
bind_rule [boolean][bind_rule][boolean][bind_rule]...;)
For example, the following bind rule will be evaluated to be true if the bind DN is
a member of either the administrator's group or the mail administrator's group
and if the client is running from within the example.com domain:

Red Hat Directory Server Administrator's Guide • May 2005
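As an added illustration (not the manual's own example), the LDIF below combines group membership with the authmethod keyword in one Boolean bind rule, with the weaker form shown beside it as a comment. The entry DN, group DNs, target attribute and ACL names are constructed placeholders.

```ldif
# Added example (constructed): the entry DN, group DNs, target attribute and
# ACL names are placeholders, not values from the manual.
#
# Weak form, shown commented out for comparison. Group membership alone
# satisfies the bind rule, so a member who binds with a DN and password
# (authmethod "simple") is granted write access:
#
#   aci: (targetattr = "userPassword")(version 3.0;
#     acl "Admin write";
#     allow (write)
#     groupdn = "ldap:///cn=Administrators,dc=example,dc=com"
#     or groupdn = "ldap:///cn=Mail Administrators,dc=example,dc=com";)
#
# Hardened form, applied below. The two groupdn rules are grouped in
# parentheses so that the authmethod condition applies to both groups.
# authmethod = "ssl" is true only for certificate authentication over LDAPS;
# a simple bind over LDAPS does not satisfy it.
#
# Continuation lines start with a space (LDIF line folding). The second
# space keeps the tokens separated when the folded lines are joined.
dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "userPassword")(version 3.0;
  acl "Admin write, certificate bind only";
  allow (write)
  (groupdn = "ldap:///cn=Administrators,dc=example,dc=com"
  or groupdn = "ldap:///cn=Mail Administrators,dc=example,dc=com")
  and authmethod = "ssl";)
```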
