Table of Contents
Advertisement
Bind Rules
Bind rules can be simple. For example, a bind rule can simply state that the person
accessing the directory must belong to a specific group. Bind rules can also be more
complex. For example, a bind rule can state that a person must belong to a specific
group and must log in from a machine with a specific IP address, between 8 am
and 5 pm.
Bind rules define who can access the directory, when, and from where. More
specifically, bind rules can specify:
•
Users, groups, and roles that are granted access
•
Location from which an entity must bind
•
Time or day on which binding must occur
•
Type of authentication that must be in use during binding
Additionally, bind rules can be complex constructions that combine these criteria
by using Boolean operators. See "Using Boolean Bind Rules," on page 221 for more
information.
Bind Rule Syntax
Whether access is allowed or denied depends on whether an ACI's bind rule is
evaluated to be true. Bind rules use one of the two following patterns:
keyword = "expression";
keyword != "expression";
where equal (=) indicates that
bind rule to be true, and not equal (!=) indicates that
match in order for the bind rule to be true.
NOTE
The quotation marks (
required. The expressions you can use depend on the associated
The following table lists each keyword and the associated expressions. It also
indicates whether wildcard characters are allowed in the expression.
204
Netscape Directory Server Administrator's Guide • January 2002
keyword
The timeofday keyword also supports the inequality expressions
(<, <=, >, >=). This is the only keyword that supports these
expressions.
) around
expression
""
and
must match in order for the
expression
keyword
and the delimiting semicolon (;) are
and
must not
expression
.
keyword
Advertisement
Table of Contents
