Chapter 6. Managing Access Control
from renaming any entries in the set specified by the pattern cn=*,ou=people,o=example.com,
add the following ACI:
aci: (target="ldap:///cn=*,ou=people,o=example.com")
(version 3.0; acl "Deny modrdn rights to the helpDeskGroup";
deny(write) groupdn="ldap:///cn=helpDeskGroup,ou=groups,o=example.com";)
6.4. Bind Rules
Depending on the ACIs defined for the directory, you may need to bind to the directory before
performing certain operations. Binding means logging in or authenticating yourself to the directory
by providing credentials (for example, a bind DN and password for a simple bind, SASL credentials, or
a client certificate over SSL). The credentials provided in the bind operation and the circumstances
of the bind determine whether access to the directory is allowed or denied.
Every permission set in an ACI has a corresponding bind rule that details the required credentials and
bind parameters.
Bind rules can be simple, such as stating that the person accessing the directory must belong to a
specific group. Bind rules can also be more complex, such as requiring that a person must belong to
a specific group, must log in from a machine with a specific IP address, and may only access the
directory between 8 a.m. and 5 p.m.
Bind rules define who can access the directory, when, and from where by defining any of the following:
• Users, groups, and roles that are granted access.
• Locations from which an entity must bind.
• Times or days on which binding must occur.
• Types of authentication that must be in use during binding.
Additionally, bind rules can be complex constructions that combine these criteria by using Boolean
operators. See Section 6.4.10, "Using Boolean Bind Rules" for more information.
6.4.1. Bind Rule Syntax
Whether access is allowed or denied depends on whether an ACI's bind rule is evaluated to be true.
Bind rules use one of the two following patterns:
keyword = "expression"; or
keyword != "expression";
Equal (=) indicates that keyword and expression must match in order for the bind rule to be true, and
not equal (!=) indicates that keyword and expression must not match in order for the bind rule to be
true.
NOTE
The timeofday keyword also supports the inequality expressions (<, <=, >, >=). This is
the only keyword that supports these expressions.
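The following LDIF is an added example, not an ACI from the Directory Server 8.0 Administration Guide. It puts the scenario described above (group membership, source IP address, and an 8 a.m. to 5 p.m. window) into a single ACI using the `keyword = "expression"` and `keyword != "expression"` forms, the `timeofday` inequalities, and Boolean `and`. The suffix o=example.com, the group cn=helpDeskGroup,ou=groups,o=example.com, and the 192.168.1.* network are assumed values chosen for illustration.

```ldif
# Added example; not part of the original guide. Suffix, group and network are assumptions.
# Apply with a tool that supports the modify change type, for example:
#   ldapmodify -x -D "cn=Directory Manager" -W -f helpdesk-aci.ldif
dn: ou=people,o=example.com
changetype: modify
add: aci
aci: (targetattr="*")
 (version 3.0; acl "Help desk: office network, office hours, SSL only";
 allow (read,search,write)
 groupdn="ldap:///cn=helpDeskGroup,ou=groups,o=example.com"
 and ip="192.168.1.*"
 and dayofweek="Mon,Tue,Wed,Thu,Fri"
 and timeofday >= "0800" and timeofday < "1700"
 and authmethod="ssl";)
-
add: aci
aci: (targetattr="*")
 (version 3.0; acl "Deny writes from outside the office network";
 deny (write)
 userdn="ldap:///anyone" and ip != "192.168.1.*";)
```

Two caveats when writing rules like these. First, Directory Server evaluates deny rules before allow rules, so a deny combined with `!=` (as in the second ACI) blocks every bind that does not match, including entries you may have allowed elsewhere; check the effect on administrative accounts before deploying it. Second, `timeofday` and `dayofweek` are evaluated against the clock of the server, not the client, so clients in other time zones see the window shifted accordingly.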